Overview of the NFS Services


This manual documents the HP-UX 10.20 version of the NFS Services,
with the 10.20 ACE (Additional Core Enhancements) or HWE
(Hardware Enhancements) installed.

This manual does not document NFS Diskless. For information on NFS 
Diskless configuration and administration, see the Managing Systems
and Workgroups manual. 

For more information, see Managing NFS and NIS, by Hal Stern,
published by O'Reilly & Associates. 
The 10.20 ACE and HWE

With the 10.20 ACE and HWE, the NFS Services include the following, 
which were not part of the original 10.20 NFS Services: 

• AutoFS, the next generation of the NFS automounter. AutoFS solves
many of the problems with the automounter. The syntax of the
automounter maps does not change with AutoFS, but some of the
command-line options are different. See "To Migrate from the
Automounter to AutoFS" on page 53.

• CacheFS, a local file system type for caching information that is 
NFS-mounted from a remote server. CacheFS improves read
performance for information that is read repeatedly. See Chapter 3, 
"Configuring the Cache File System (CacheFS)," on page 95. 

• NFS Protocol Version 3 (NFS PV3), the next version of NFS, 
which improves NFS performance and supports larger files. By 
default, the local NFS client will attempt to mount a filesystem using 
NFS version 3. If the NFS server does not support version 3, the file
system will be mounted using version 2. You can specify the mount
option vers=2 to force NFS to use NFS PV2. See "To Change the
Default Mount Options" on page 40.

The Compatibility Switch 

The 10.20 ACE and HWE include a system-wide compatibility switch to
control the behavior of certain file system APIs. The behavior of the
stat(), statfs(), and statvfs() functions is affected. The fstat(),
fstatfs(), and fstatvfs() functions are affected as well, by virtue of
the fact that they use the stat(), statfs(), and statvfs() functions.

If the switch is in compatibility mode (compatible with the original 10.20
system behavior, which is the default), return values from the stat(),
statfs(), and statvfs() system calls are unaffected. With the switch
in non-compatibility mode, these calls return different values in the
st_fstype field of the stat structure returned by stat(), the f_fsid
field of the statfs structure returned by statfs(), or the f_fsid or
f_fsindex field of the statvfs structure returned by statvfs().
The values returned are appropriate to the type of file system being
queried. Calls to sysfs() with these values will return nfs for NFS
Version 2 file systems, nfs3 for NFS Version 3 file systems, autofs for
unmounted file systems being monitored by AutoFS, and cachefs for
CacheFS mounts. (CacheFS file systems normally return the value of the
underlying mount, except for the f_basetype value in the statvfs
structure, which will contain the value cachefs for the CacheFS file
system.)

To set the switch to compatibility mode (the default), type the following:

onccompat -c 

To set the switch to non-compatibility mode, type the following: 

onccompat -n 

For more information, see the onccompat(1M) man page.

The compatibility switch is available only on the 10.20 ACE and HWE.
HP-UX 10.30 and 11.0 already implement the non-compatible behavior.
The NFS Services

Hewlett-Packard's NFS Services include the following:

• Network File System (NFS) provides transparent access to files 
from anywhere on the network. An NFS server makes a directory 
available to other hosts on the network by "exporting" the directory.
An NFS client provides access to the NFS server's directory by 
"mounting" the directory. To users on the NFS client, the directory 
looks like part of the local file system. For information on configuring 
and administering NFS, see "Configuring and Administering NFS" on 
page 17. 

• Network Information Service (NIS) allows centralized
management of common configuration files, like /etc/passwd,
/etc/hosts, and /etc/services. An NIS "master server" holds
master copies of the configuration files, or "maps". The master server
may distribute copies of the maps to NIS "slave servers" to provide
load balancing and reliability. An NIS client gets configuration
information from the master server or a slave server instead of from
its local configuration files. (Some local configuration files, like
/etc/passwd and /etc/group, can be used in addition to the NIS
maps.) For more information, see "Configuring and Administering
NIS" on page 101.

• Network Lock Manager and Network Status Monitor
(rpc.lockd and rpc.statd) provide file locking and synchronized file
access to files that are shared with NFS. Files may be locked with
lockf or fcntl. For more information, see the following man pages:
lockd(1M), statd(1M), lockf(2), and fcntl(2).

• Remote Procedure Call (RPC) is the mechanism that allows NFS
clients and NFS servers to communicate. You can write your own
RPC applications, using rpcgen, an RPC compiler that simplifies
RPC programming. On HP-UX 10.30 and later,
Transport-Independent RPC (TI-RPC) is supported. For information
on RPC and rpcgen, see Power Programming with RPC, by John
Bloomer, published by O'Reilly and Associates, Inc.

• Remote Execution Facility (REX) allows you to execute 
commands interactively on a remote host while your local 
environment is simulated on the remote host. To use REX, you issue 
the on command on your local host, supplying the command you want 
to execute remotely and the name of the remote host where you want
the command to execute. Your current environment variables are 
then copied to the remote host, and your home directory is mounted 
on the remote host using NFS. For information on configuring, 
administering, and using REX, see "Configuring and Using the 
Remote Execution Facility (REX)" on page 165. 

• The rup command collects and displays status information about the 
hosts on the local network. All hosts running the rstatd daemon will 
respond to queries from the rup command. For more information, see 
the man pages rstatd(1M) and rup(1). For information on
configuring rstatd, see "Configuring the Other NFS Daemons and 
Services" on page 91. 

• The rusers command collects and displays information about all 
users logged into the hosts on the local network. All hosts running the
rusersd daemon will respond to queries from the rusers command.
For more information, see the man pages rusersd(1M) and
rusers(1). For information on configuring rusersd, see "Configuring
the Other NFS Daemons and Services" on page 91. 

• The rwall program allows you to broadcast a message to all the
users logged into a remote host. The rwall program sends a message
to a specified host where the rwalld daemon is running. The rwalld
daemon then writes the message to all the users logged into that host.
For more information, see the man pages rwalld(1M) and
rwall(1M). For information on configuring rwalld, see "Configuring
the Other NFS Daemons and Services" on page 91.

• The spray command sends a stream of packets to a specified host 
and then reports how many of the packets were received and what 
the transfer rate was. All hosts running the sprayd daemon will 
respond to packets sent by the spray command. For more information,
see the man pages sprayd(1M) and spray(1M). For information on
configuring sprayd, see "Configuring the Other NFS Daemons and 
Services" on page 91. 

• The quota command, which displays information about a user's disk 
usage and limits, may be used to get information about a user on a 
remote host, if the rquotad daemon is running on the remote host. 
For more information, see the man pages rquotad(1M) and
quota(1). For information on configuring rquotad, see "Configuring
the Other NFS Daemons and Services" on page 91. 
NOTE


This chapter tells you how to configure and administer an HP 9000 as an
NFS server or client, by editing files and issuing HP-UX commands.

An NFS server is a machine that "exports" (makes available) its local
files and directories to NFS clients. An NFS client is a machine that
"mounts" files and directories exported by NFS servers. NFS-mounted
files and directories look to users like part of the NFS client's local file
system.

A machine can be an NFS server and an NFS client at the same time.

HP does not support NFS or NIS over Wide Area Networks (WANs). 
WANs include network links using X.25, microwave links, public 
common carriers, or high speed lines (such as 56kb). 

HP offers limited support of NFS over extended LANs. "Limited support"
means that HP cannot unilaterally support every conceivable extended
LAN topology for NFS, but HP will support LAN configurations on local
LAN media between HP servers. These include 802.3 and FDDI
segments separated by routers or bridges. Network Support must be
purchased by the customer for support of NFS over extended LANs.

This chapter is intended for system administrators who prefer not to use 
SAM. However, Hewlett-Packard recommends that you use SAM to 
configure and administer NFS. SAM (System Administration Manager) 
is Hewlett-Packard's windows-based user interface for performing
system administration tasks. To run SAM, type sam at the HP-UX
prompt. SAM has an extensive online help facility.

This chapter contains the following sections: 

• Preparing for NFS Configuration

• Configuring and Administering an NFS Server 

• Configuring and Administering an NFS Client 

• Configuring and Administering AutoFS 

• Configuring and Using NFS Netgroups 

• Configuring the Other NFS Daemons and Services 
Preparing for NFS Configuration

Before you configure your machine as an NFS server or client, you must
perform the following tasks:

1. To Check the Network Connections 

2. To Set User IDs and Group IDs (if NIS is not used)

3. To Ensure that No User is a Member of Too Many Groups 

The rest of this section explains the procedures for performing these 
tasks. 

To Check the Network Connections 

• Issue the /usr/sbin/ping(1M) command for each system with
which your system will communicate using NFS.

If the ping(1M) command fails, see the manuals listed below for
troubleshooting procedures.

Before you configure NFS, you must have already installed and 
configured the network hardware and software on all the machines that 
will use NFS. For information on installing and configuring the network 
hardware and software, refer to the following manuals:

Installing and Administering LAN/9000 Software

Installing and Administering Token Ring/9000 Software

Installing and Administering FDDI/9000 Software
To Set User IDs and Group IDs (if NIS is not used)

• Create one /etc/passwd file and one /etc/group file that contain 
all the users and groups on the network, and then copy these files to 
all the machines on the network. 

or 

• Edit the /etc/passwd and /etc/group files on each machine to 
ensure that the following conditions are true:

• Each user has the same user ID on all machines where that user 
has an account. 

• No two users anywhere on the network have the same user ID. 

• Each group has the same group ID on all machines where that 
group exists. 

• No two groups on the network have the same group ID. 

When users request NFS access to remote files, their user IDs and group
IDs are used to check file ownership and permissions, just as they are 
locally. 

If a user has one user ID on an NFS client and a different user ID on an 
NFS server, the server will not grant the user access to his or her files on 
the server, because it thinks the files belong to someone else. 

If a user on one machine has the same user ID as a user on another 
machine, one user may gain access to the other user's files. 

For information on the /etc/passwd and /etc/group files, type man 4
passwd or man 4 group at the HP-UX prompt.

If you are using NIS, the /etc/passwd and /etc/group files are 
managed by a master server, and all other machines on the network 
request user and group information from the servers. With NIS, it is 
unnecessary to set user IDs and group IDs on each machine. For
instructions on configuring NIS, see "Configuring and Administering
NIS" on page 101.
To Ensure that No User is a Member of Too Many Groups

1. If you are not running NIS, issue the following command for each
user on your system:

/usr/bin/grep -c username /etc/group

This command returns the number of occurrences of username in the
/etc/group file.

If you are using NIS to manage your group database, issue the 
following command for each user in your domain: 

/usr/bin/ypcat -k group | /usr/bin/grep -c username

This command returns the number of occurrences of username in the 
NIS group database. 

2. If any user is a member of more than 16 groups, remove the user from
some of the groups. See "To Modify an NIS Map" on page 120 for
instructions on modifying an NIS map.

If you are running a version of HP-UX older than release 9.0, a user
can be a member of only 8 groups, rather than 16.

If a user is a member of too many groups, NFS returns an RPC 
authentication error when the user attempts access to files or directories 
using NFS. 
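
A stricter form of the user ID and group checks above, as an added example that is not part of the original manual: it compares passwd files collected from two hosts for UID mismatches and collisions, and counts group memberships by exact match on the member field, because grep -c also counts substring hits and group names. The function names, file names, and accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the HP manual). Sample accounts, UIDs and file
# names are constructed for illustration.

# uid_conflicts FILE...   one passwd-format file per host
# MISMATCH:  the same login name has different UIDs on different hosts.
# COLLISION: the same UID belongs to different login names.
uid_conflicts() {
    awk -F: '
        /^[+-]/ || NF < 3 { next }    # skip NIS escape lines and malformed rows
        {
            u = $1; id = $3
            if (!(u in uid_of)) {
                uid_of[u] = id; uid_src[u] = FILENAME
            } else if (uid_of[u] != id) {
                print "MISMATCH", u, uid_of[u] "@" uid_src[u], id "@" FILENAME
            }
            if (!(id in name_of)) {
                name_of[id] = u; name_src[id] = FILENAME
            } else if (name_of[id] != u) {
                print "COLLISION", id, name_of[id] "@" name_src[id], u "@" FILENAME
            }
        }' "$@" | sort -u
}

# group_count USER [GROUPFILE]: number of group entries whose member list
# (field 4) names USER exactly.
group_count() {
    awk -F: -v u="$1" '
        { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) { c++; break } }
        END { print c + 0 }
    ' "${2:-/etc/group}"
}

# users_over_limit LIMIT [GROUPFILE]: "user count" for every user listed in
# more than LIMIT groups (16 in this manual, 8 before HP-UX 9.0).
users_over_limit() {
    awk -F: -v lim="$1" '
        {
            n = split($4, m, ","); split("", dup)
            for (i = 1; i <= n; i++)
                if (m[i] != "" && !(m[i] in dup)) { dup[m[i]] = 1; cnt[m[i]]++ }
        }
        END { for (u in cnt) if (cnt[u] > lim) print u, cnt[u] }
    ' "${2:-/etc/group}" | sort
}

# make_samples DIR: write constructed passwd files for two hosts and a group
# file in which ann and raj are each listed in 17 groups.
make_samples() {
    dir=$1
    printf '%s\n' 'root:*:0:3::/:/sbin/sh' 'ann:*:201:20::/home/ann:/usr/bin/sh' \
        'raj:*:202:20::/home/raj:/usr/bin/sh' > "$dir/hostA.passwd"
    printf '%s\n' 'root:*:0:3::/:/sbin/sh' 'ann:*:305:20::/home/ann:/usr/bin/sh' \
        'lee:*:202:20::/home/lee:/usr/bin/sh' > "$dir/hostB.passwd"
    {
        echo 'ann::300:joann'              # a group that is itself named "ann"
        echo 'users::20:ann,joann,raj'
        i=1
        while [ "$i" -le 16 ]; do
            echo "proj$i::$((400 + i)):raj,ann"
            i=$((i + 1))
        done
    } > "$dir/group"
}

# Demo on the constructed data.
demo=$(mktemp -d) && make_samples "$demo" && {
    (cd "$demo" && uid_conflicts hostA.passwd hostB.passwd)
    users_over_limit 16 "$demo/group"
    echo "grep -c ann: $(grep -c ann "$demo/group"), exact: $(group_count ann "$demo/group")"
    rm -rf "$demo"
}
```

On the sample data, grep -c reports 18 for ann because it also counts the group named ann and the member joann, while the exact count is 17.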
Configuring and Administering an NFS Server

An NFS server is a machine that "exports" its local directories (makes
them available for client machines to mount using NFS). On the NFS
client, these mounted files and directories look to users like part of the
client's local file system. An NFS server can also be an NFS client.
Following are the tasks involved in configuring and administering an
NFS server. The first two tasks are the only ones required to get your
server up and running.

• To Make Directories Available to NFS Clients (Export Directories)

• To Enable NFS Server Capability

• To Remove (Unexport) an Exported Directory

• To Enable PC NFS Server Capability 

• To Disable NFS Server Capability 

This section tells you how to perform these tasks, by editing files and
issuing HP-UX commands. However, Hewlett-Packard recommends that
you use SAM to configure and administer NFS. SAM (System
Administration Manager) is Hewlett-Packard's windows-based user
interface for performing system administration tasks. To run SAM, type
sam at the HP-UX prompt. SAM has an extensive online help facility.
To Make Directories Available to NFS Clients
(Export Directories)

1. Add a line to the /etc/exports file for each directory you want to
make available to NFS clients, using a text editor like vi. If the
/etc/exports file does not exist on your system, you will have to
create it. Following is the syntax of a line in the /etc/exports file:

directory [-option[,option]]

Type man 4 exports at the HP-UX prompt for a complete list of the
export options. After adding your exported directories to the
/etc/exports file, you must enable NFS server capability before
NFS clients can mount your exported directories. See "To Enable NFS
Server Capability" on page 27.

2. If your system is already running as an NFS server, issue the 
following command to add the directory to your server's internal list 
of exported directories: 

/usr/sbin/exportfs directory 

You can issue the exportfs -i command to add the directory to your 
server's internal list of exported directories, without adding the directory 
to the /etc/exports file. However, it will stop being exported when you
reboot your system or restart NFS, unless you also add it to the
/etc/exports file. (Issuing the exportfs command does not change
the contents of the /etc/exports file.) Type man 1M exportfs for
more information.

You cannot export a directory and its ancestor or descendant, if they are
on the same disk or logical volume. For example, if you are exporting the
root directory (/), you cannot also export /opt, unless / and /opt are on
different disks or logical volumes. Likewise, if you are exporting
/opt/frame, you cannot also export /opt unless /opt/frame and /opt
are on different disks or logical volumes. However, if a directory and its
ancestor or descendant are on different disks or logical volumes, and you
want to export both of them, you must export them using two separate
entries in /etc/exports. Use the bdf(1M) command to determine
whether your file systems are on different disks or logical volumes. Each
line in the bdf output is a separate disk or volume that requires its own
entry in /etc/exports if you want to export it.

The /etc/exports file should be owned by root and have mode 644
(-rw-r--r--).

The export options that restrict access to an exported directory are 
applied in addition to the regular HP-UX permissions already in place on
that directory. For example, if only the owner of a file has permission to 
write to it, nobody else can write to the file, even if it is exported to the 
world with read/write permission. 

Access permissions may also be specified on the NFS client when a 
directory is mounted. If these permissions are different from the 
permissions for the exported directory on the NFS server, the more 
restrictive permissions are used. 

It is not a good idea to export a directory if it contains a symbolic link 
that points outside the exported directory. Once the directory is mounted 
on an NFS client, the symbolic link will be resolved locally on the client,
so the destination of the symbolic link must exist on the client as well as
the server. If the destination of the symbolic link does not exist on the
client, a No such file or directory message will be displayed
whenever anyone attempts access to it.

Figure 2-1 illustrates the problem of symbolic links in NFS mounts, 
where the destination of the symbolic link exists on the NFS server but 
might not exist on the NFS client. 


Figure 2-1 Symbolic Links in NFS Mounts

[Figure: the NFS server tree holds /exports/dir1 and /nonexports/file2; the NFS client tree holds /nfs/dir1 and asks "Where is /file2?"]
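
One way to find such links on the server before exporting a directory, as an added example that is not part of the original manual: it lists every symbolic link under a directory whose target, resolved lexically, lies outside that directory. It assumes a readlink command is available; the function names and the sample tree, modeled on Figure 2-1, are constructed.

```shell
#!/bin/sh
# Added example (not from the HP manual). Assumes a readlink command is
# available on the server; directory names below are constructed.

# normalize PATH: collapse "." and ".." in an absolute path without touching
# the file system (the target may not exist, and intermediate symbolic links
# are not followed).
normalize() {
    printf '%s\n' "$1" | awk -F/ '{
        n = 0
        for (i = 1; i <= NF; i++) {
            if ($i == "" || $i == ".") continue
            if ($i == "..") { if (n > 0) n--; continue }
            part[++n] = $i
        }
        out = ""
        for (i = 1; i <= n; i++) out = out "/" part[i]
        print (out == "" ? "/" : out)
    }'
}

# links_leaving_export DIR: print "link -> target" for each symbolic link
# under DIR whose target is outside DIR. Link paths are relative to DIR.
links_leaving_export() {
    root=$(cd "$1" && pwd -P) || return 2
    prefix=${root%/}                      # "" when DIR is the root directory
    find "$root" -type l -print | sort | while IFS= read -r link; do
        target=$(readlink "$link")
        case $target in
            /*) abs=$(normalize "$target") ;;
            *)  abs=$(normalize "$(dirname "$link")/$target") ;;
        esac
        case $abs/ in
            "$prefix"/*) ;;               # target stays inside the export
            *) printf '%s -> %s\n' "${link#"$prefix"/}" "$target" ;;
        esac
    done
}

# make_sample_tree DIR: constructed layout modeled on Figure 2-1, with one
# relative link and one absolute link that leave the export, and one link
# that stays inside it.
make_sample_tree() {
    mkdir -p "$1/exports/dir1" "$1/nonexports"
    : > "$1/nonexports/file2"
    : > "$1/exports/dir1/file1"
    ln -s ../../nonexports/file2 "$1/exports/dir1/rel_out"
    ln -s /etc/hosts "$1/exports/dir1/abs_out"
    ln -s file1 "$1/exports/dir1/inside"
}

# Demo on the constructed tree.
demo=$(mktemp -d) && make_sample_tree "$demo" && {
    links_leaving_export "$demo/exports"
    rm -rf "$demo"
}
```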
Examples from /etc/exports

The following example exports the /usr/bin directory to NFS clients 
cabbage, cauliflower, and broccoli. Users on client broccoli have 
read/write access to the /usr/bin directory. Users on cabbage and 
cauliflower have read-only access. In addition to the export options,
the HP-UX permissions for the /usr/bin directory must be set to allow
access to the world or to a group that includes the users on broccoli,
cabbage and cauliflower.

/usr/bin -access=cabbage:cauliflower:broccoli,rw=broccoli 

The following example allows all NFS clients read-only access to the 
directory /usr/share/man. The /usr/share/man directory must also 
allow read access to NFS users (for example, with -r--r--r--
permissions). 

/usr/share/man -ro 

The following example exports the /var/mail directory. It allows root
access to clients sage, thyme, and basil. The root users on all other
NFS clients are considered "unknown" to the NFS server, so they are
given the access privileges of user nobody. Non-root users on all NFS
clients are allowed read/write access to the /var/mail directory, if the
HP-UX permissions on the /var/mail directory allow them read/write
access.

/var/mail -root=sage:thyme:basil 

The following example exports the private root directory of diskless 
client sage. It allows root access to the root user on client sage. All other 
users on client sage have read/write access, if they are allowed 
read/write access through the regular HP-UX permissions. Users on
other NFS clients have read-only access, if they are allowed read access
through the HP-UX permissions.

/export/private_roots/sage -rw=sage,root=sage 

In the following example, any user without a valid user ID who attempts
access to client basil's private root directory will receive an RPC 
authentication error, because anonymous access is denied with the 
anon=65535 option. The root user on client basil is allowed root access 
to the directory, but the root users on all other machines are treated as 
"unknown" and denied access. The non-root users on all NFS clients are 
allowed read/write access, if the HP-UX permissions on that directory 
allow them read/write access. 

/export/private_roots/basil -root=basil,anon=65535 
The following example exports the /export/newsletter directory to
all NFS clients. Root users will be given the effective user ID of 200.
Other anonymous users will keep their own user IDs (even though they
do not exist in the NFS server's passwd database), but they will be given
the access permissions associated with user ID 200. If a root user is
allowed to create a file in this directory, the ls command will show that
it is owned by user ID 200. If an anonymous user with a non-zero user ID
(for example, 840) is allowed to create a file in this directory, the ls
command will show that it is owned by user ID 840.

/export/newsletter -anon=200 

The following example exports the /opt/frame directory to all NFS 
clients. Non-root users have read/write access (if the regular HP-UX
permissions allow it), and root users are given the access privileges of 
user nobody. NFS writes are done asynchronously; that is, when an NFS 
client writes data to a mounted directory, the server returns a response 
before writing the data to disk. This allows the client to continue 
processing without waiting for the write request to complete. 

/opt/frame -async 
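
To review a whole /etc/exports file the way the examples above are read, the following added example (not part of the original manual) summarizes, for each line, which clients may mount, which may write, and which keep root access. It interprets only the options used in this section (access=, rw=, ro, root=, anon=, async) according to the behavior the section describes; the function names are constructed.

```shell
#!/bin/sh
# Added example (not from the HP manual): summarize who can reach each export.
# Only the options used in this section's examples are interpreted.

# The seven /etc/exports lines shown in this section.
sample_exports() {
    cat <<'EOF'
/usr/bin -access=cabbage:cauliflower:broccoli,rw=broccoli
/usr/share/man -ro
/var/mail -root=sage:thyme:basil
/export/private_roots/sage -rw=sage,root=sage
/export/private_roots/basil -root=basil,anon=65535
/export/newsletter -anon=200
/opt/frame -async
EOF
}

# audit_exports [FILE]: one summary line per export (reads stdin if no FILE).
#   clients= hosts allowed to mount ("all" when there is no access= list)
#   write=   hosts with write access ("all" by default, "none" with ro)
#   root=    hosts whose root user keeps root access ("-" when none)
#   anon=    UID given to unknown users ("default" when not set)
audit_exports() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        {
            opts = $2; sub(/^-/, "", opts)
            clients = "all"; wr = "all"; root = "-"; anon = "default"
            mode = "sync"; other = ""
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) {
                if      (o[i] == "ro")        wr = "none"
                else if (o[i] == "async")     mode = "async"
                else if (o[i] ~ /^rw=/)       wr = substr(o[i], 4)
                else if (o[i] ~ /^access=/)   clients = substr(o[i], 8)
                else if (o[i] ~ /^root=/)     root = substr(o[i], 6)
                else if (o[i] ~ /^anon=/)     anon = substr(o[i], 6)
                else other = other " unparsed=" o[i]
            }
            print $1, "clients=" clients, "write=" wr, "root=" root, "anon=" anon, mode other
        }' "$@"
}

# world_writable [FILE]: exports that any host may mount read/write; only the
# HP-UX file permissions on the server then limit what a client user can change.
world_writable() {
    audit_exports "$@" | awk '$2 == "clients=all" && $3 == "write=all" { print $1 }'
}

# root_trusting [FILE]: exports that honor a remote root user, with the hosts.
root_trusting() {
    audit_exports "$@" | awk '$4 != "root=-" { print $1, substr($4, 6) }'
}

# Demo on the section's own example lines.
sample_exports | audit_exports
echo "world-writable:"; sample_exports | world_writable
echo "root-trusting:";  sample_exports | root_trusting
```

Run against the section's examples, this shows that /export/private_roots/basil is still mountable read/write by every client even though anonymous access is denied, which matches the description of that example above.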
To Enable NFS Server Capability

1. In the /etc/rc.config.d/nfsconf file, make sure the
NFS_SERVER and START_MOUNTD variables are set to 1, as follows:

NFS_SERVER=1

START_MOUNTD=1

2. Issue the following command to run the NFS startup script: 

/sbin/init.d/nfs.server start 

The NFS startup script uses the variables in
/etc/rc.config.d/nfsconf to determine which processes to start.

The START_MOUNTD variable causes the NFS startup script to start
rpc.mountd, the mount daemon.

CAUTION: If rpc.mountd is configured in /etc/inetd.conf on your system, set
the START_MOUNTD flag to 0. Mounts will fail if rpc.mountd is enabled
through both /etc/inetd.conf and /etc/rc.config.d/nfsconf.

For more information, see the following man pages: mountd(1M) and
inetd.conf(4).
To Remove (Unexport) an Exported Directory

1. On the NFS server, issue the following command for a list of all the
NFS clients that have mounted the directory you want to unexport:

/usr/sbin/showmount -a 

The output of the showmount command is not always complete. If an 
NFS client mounts a remote directory twice and unmounts it only once, 
the remote directory is still mounted on the client, but the showmount 
command does not list that client. Also, clients configured to automount 
a directory will not be listed by the showmount command if the directory 
is not currently mounted. 

2. On every NFS client that has the directory mounted, issue the 
following command for a list of the process IDs and user names of
everyone using the mounted directory:

/usr/sbin/fuser -u servername:/directory

3. Warn any users to cd out of the directory, and kill any processes that
are using the directory, or wait until the processes terminate. You can
use the following command to kill all processes using the directory:

/usr/sbin/fuser -ck local_mount_point

4. On every NFS client that has the directory mounted, issue the 
following command to unmount the directory: 

/usr/sbin/umount local_mount_point 

or 

/usr/sbin/umount servername:/directory

5. On every NFS client that had the directory mounted, use a text editor 
to comment out or remove the line in the /etc/fstab file that lists
the directory you want to unexport. This prevents clients from
attempting to mount the directory when they reboot.

6. On every client that has the directory configured to be automounted, 
edit the /etc/auto_* files to comment out or remove the directory 
from the automounter maps. Clients that automount the directory 
may not be listed by the showmount command. 

If you are using NIS to manage your automounter maps, edit the
/etc/auto_* files on the NIS master server, and then issue the
following commands to regenerate the maps and push them to the
slave servers:

cd /var/yp

/usr/ccs/bin/make auto_mapname auto_mapname ...

7. If you modified the automounter master map, or if you added or
deleted an entry in an automounter direct map, issue the following
command, on all clients that use the map, to force AutoFS to reread its
maps:

/usr/sbin/automount 

8. On the NFS server, use a text editor to remove the line in the
/etc/exports file that lists the directory you want to unexport. 

9. On the NFS server, issue the following command to unexport the 
directory: 

/usr/sbin/exportfs -u directory 

If you unexport a directory that an NFS client currently has mounted, 
the next time someone on that client requests access to the directory, 
NFS will return an NFS stale file handle error message. The client 
may be able to unmount the directory, but if that does not work, the 
client must reboot to recover. 

For more information, see the following man pages: showmount(1M),
fuser(1M), umount(1M), exportfs(1M), automount(1M), make(1),
and ypmake(1M).
To Enable PC NFS Server Capability

1. If necessary, create a file called /etc/pcnfsd.conf and add PC NFS
configuration information to it. The /etc/pcnfsd.conf file is not
required in order to run pcnfsd. For more information on the
/etc/pcnfsd.conf file, type man 1M pcnfsd at the HP-UX
prompt.

2. In the /etc/rc.config.d/nfsconf file, use a text editor to set the
PCNFS_SERVER flag to 1, as follows: 

PCNFS_SERVER=1 

3. Issue the following command to run the NFS startup script: 

/sbin/init.d/nfs.server start 

The PCNFS_SERVER flag causes the NFS startup script to start the PC
NFS server daemon, pcnfsd. As a PC NFS server, your system can
export its directories and files to PC NFS clients.

Following are some reasons why you might want to create an
/etc/pcnfsd.conf file:

• If your PC NFS client software is assigning user IDs smaller than 101 
or greater than 60002, set the uidrange in the /etc/pcnfsd.conf
file to allow access to a different range of user IDs, as in the following
example: 

uidrange 80-60005 

• If you want to give PC users a different set of default print options, 
the /etc/pcnfsd.conf file should contain a line similar to the
following, which defines raw as a default print option for PC users
submitting jobs to the printer lj3_2:

printer lj3_2 lj3_2 lp -dlj3_2 -oraw

The /etc/pcnfsd.conf file is read when the pcnfsd daemon starts up.
If you make any changes to /etc/pcnfsd.conf while pcnfsd is
running, you must restart pcnfsd before your changes will take effect.

A PC must have NFS client software installed in order to use your
system as a PC NFS server.

For more information on pcnfsd, type man 1M pcnfsd at the HP-UX
prompt.
NOTE


To Disable NFS Server Capability

1. On the NFS server, issue the following command for a list of all the
NFS clients that have directories mounted from the NFS server you 
are planning to disable: 

/usr/sbin/showmount -a 

The output of the showmount command is not always complete. If an 
NFS client mounts a remote directory twice and unmounts it only once, 
the remote directory is still mounted on the client, but the showmount 
command does not list that client. Also, clients that are configured to 
automount a directory will not be listed by the showmount command if 
the directory is not currently mounted. 

2. On every NFS client listed by the showmount command, issue the 
following command for each directory that is mounted from your NFS
server: 

/usr/sbin/fuser -u servername:/directory 

This command lists the process IDs and user names of everyone using
the mounted directory. 

3. Warn any users to cd out of the directory, and kill any processes that
are using the directory, or wait until the processes terminate. You can
use the following command to kill all processes using the directory:

/usr/sbin/fuser -ck local_mount_point

4. On every client that has directories mounted from your server, issue 
the following command: 

/usr/sbin/umount -h servername

5. If your server will be down for a long time, edit the /etc/fstab file
on each client to comment out or remove any NFS mounts from the
server you are planning to disable. This prevents the clients from 
attempting to mount directories from your server when the clients 
are rebooted. 

6. If your server will be down for a long time, edit the /etc/auto_*
files on each client to comment out or remove any automounts from 
the server you are planning to disable. Clients that automount the 
server's directories might not be listed by the showmount command. 
If you are using NIS to manage your automounter maps, edit the
/etc/auto_* files on the NIS master server, and then issue the
following commands to regenerate the maps and push them to the
slave servers:

cd /var/yp

/usr/ccs/bin/make auto_mapname auto_mapname ...

7. If you modified the automounter master map, or if you added or
deleted any entries in an automounter direct map, issue the following
command, on all clients that use the map, to force AutoFS to reread 
its maps: 

/usr/sbin/automount 

8. Issue the following command on the server to unexport all exported 
directories: 

/usr/sbin/exportfs -au 

9. On the NFS server, edit the /etc/rc.config.d/nfsconf file to set
the NFS_SERVER variable to 0. This prevents the NFS server
daemons from starting up when your system reboots. If your server
will be down only a short time, this step is unnecessary.

NFS_SERVER=0 

10. Edit the /etc/inetd.conf file to comment out the line that
contains rpc.mountd (if it exists) and the lines for the other RPC
services. 

11. Issue the following command to disable NFS server capability: 

/sbin/init.d/nfs.server stop 

If your NFS server will be down for only a very short period of time, this 
procedure is not necessary. If the server is down for only a few minutes, 
and directories are hard-mounted on the clients, clients attempting 
access to the server will simply hang until it comes back up. Then, they 
will resume access to it as if nothing had happened. 

However, if the server will be down for a long time, NFS clients
attempting access to it will have to interrupt their attempts, usually
with [CTRL]-c. If directories are mounted with the nointr option,
clients must reboot their systems in order to stop trying to access a down
server.

See the following man pages for more information: showmount(1M),
fuser(1M), exportfs(1M), automount(1M), and mountd(1M).
Configuring and Administering an NFS Client

An NFS client is a machine that "mounts" remote directories using 
NFS. These mounted remote directories appear to users as if they are 
part of the NFS client's local filesystem. An NFS client can also be an 
NFS server. Following are the tasks involved in configuring and 
administering an NFS client. Only the first four tasks are required in 
order to get your client up and running. 

• To Decide Between Standard-Mounted and Automounted Directories 

• To Mount a Remote Directory Using a Standard NFS Mount 

• To Enable NFS Client Capability 

• To Verify Your NFS Client Configuration

• To Change the Default Mount Options

• To Ensure Data Integrity Between the Client and Server

• To Remove (Unmount) a Mounted Directory 

• To Disable NFS Client Capability 

This section tells you how to perform these tasks, by editing files and
issuing HP-UX commands. However, Hewlett-Packard recommends that
you use SAM to configure and administer NFS. SAM (System
Administration Manager) is Hewlett-Packard's windows-based user
interface for performing system administration tasks. To run SAM, type
sam at the HP-UX prompt. SAM has an extensive online help facility.

To Decide Between Standard-Mounted and Automounted Directories

• Before you mount any remote directories on your local system, decide
whether you want each directory to be standard-mounted or
automounted. Table 2-1 lists the advantages and disadvantages of
each type of mount. For instructions on automounting remote
directories, see "Configuring and Administering AutoFS" on page 51.

Standard-mounted directories stay mounted until you explicitly
unmount them. Automounted directories stay mounted until they are
left idle for five minutes. The five minute default can be changed by
adding the -t duration option to the AUTOMOUNT_OPTIONS variable
in the /etc/rc.config.d/nfsconf file.

Table 2-1 Standard-Mounted vs. Automounted Directories

Standard-mounted (advantage): Configuration is simpler than for
automounted directories. Only one file (/etc/fstab) is used to
configure standard mounts.
Automounted (disadvantage): Configuration can be more complicated
than for standard mounts. Multiple files are usually required to
configure AutoFS.

Standard-mounted (advantage): The directory stays mounted, so you
never have to wait for it to be mounted after you issue a read or write
request.
Automounted (disadvantage): If the automounted directory has timed
out and been unmounted, and you attempt to read it or write to it, you
may have to wait a few seconds for it to be mounted again.

Standard-mounted (disadvantage): If a directory is configured to be
standard-mounted when your system boots, and the NFS server for the
directory is not booted yet, your system will hang until the NFS server
becomes available. If your system and the server are configured to
mount directories from each other at boot time, standard mounts can
cause both systems to hang indefinitely.
Automounted (advantage): An automounted directory is not mounted
until a user or process requests access to it, so both your system and
the NFS server will have time to boot before any attempt is made to
mount the directory.

Standard-mounted (disadvantage): The configuration file for standard
mounts (/etc/fstab) must be maintained separately on each NFS client.
Automounted (advantage): AutoFS configuration files (maps) may be
managed centrally through NIS.

Standard-mounted (disadvantage): Only one NFS server may be
configured for each standard-mounted directory.
Automounted (advantage): Multiple servers may be configured for a
single automounted directory, for reliability and load balancing. All
servers are polled simultaneously, and the directory is mounted from
the first server to respond.

Standard-mounted (disadvantage): If you have to configure many
similar standard mounts, you must configure each of them individually,
because you cannot use wildcard characters or environment variables
when you configure standard NFS mounts.
Automounted (advantage): AutoFS allows you to use wildcard
characters and environment variables in configuration files (maps) as
shortcuts when you are configuring many similar automounts.

Standard-mounted (disadvantage): Standard NFS mounts provide no
shortcut for configuring all available remote directories; each
directory must be configured explicitly. If the NFS servers change
which directories they are exporting, you must change your local NFS
client configuration.
Automounted (advantage): AutoFS allows you to configure a special
"built-in" map (the -hosts map), which causes all the exported
directories from any NFS server on the network to be automounted on
your system whenever anyone requests access to a directory on that
server. The servers can change which directories they export, and your
configuration remains valid.
To Mount a Remote Directory Using a Standard NFS Mount

1. In the /etc/fstab file, use a text editor to add a line for each remote
directory you want mounted on your system. If the /etc/fstab file
does not exist, you will have to create it. A line in the /etc/fstab
file has the following syntax:

server:remote_directory local_directory nfs defaults 0 0

or

server:remote_directory local_directory nfs option[,option...] 0 0

For descriptions of the mount options, see "To Change the Default
Mount Options" on page 40.

2. If your system is already running as an NFS client, issue the
following command to mount each remote directory you have added to
the /etc/fstab file:

/usr/sbin/mount local_directory

Or, issue the following command to mount all the directories listed in
the /etc/fstab file:

/usr/sbin/mount -a

The remote directories listed in the /etc/fstab file will be mounted
automatically when you enable NFS client capability or reboot your
system. See "To Enable NFS Client Capability" on page 39.

The local directory you configure as a mount point must exist and should
be empty. If the local mount point contains files or directories, they will
be hidden and inaccessible while the remote directory is mounted over
them.

Before you can mount a remote directory on your system, the remote
system where the directory is located must be configured as an NFS
server and must export the directory.

To mount a directory temporarily, issue the mount command, but do not
add the mount to the /etc/fstab file. It will stay mounted until you
reboot your system or until you unmount it with the umount command.

For more information, type man 4 fstab or man 1m mount at the
HP-UX prompt.
Example NFS Mount of man pages

broccoli:/usr/share/man /usr/share/man nfs ro 0 0

This example mounts the directory /usr/share/man from the NFS
server broccoli. The local mount point is also /usr/share/man. The
directory is mounted read-only. Figure 2-2 illustrates this example:

Figure 2-2 NFS Mount of man pages
(Diagram: the /usr/share/man directory, with its subdirectories /man1,
/man2, and /man3, on NFS server "broccoli" is mounted at
/usr/share/man on the local NFS client.)

Example NFS Mount of Home Directories

broccoli:/home/broccoli /home/broccoli nfs nosuid 0 0
cauliflower:/home/cauliflower /home/cauliflower nfs nosuid 0 0

This example mounts the home directories from NFS servers broccoli 
and cauliflower on the local NFS client. The nosuid option prevents 
programs with setuid permission from executing on the local client. 
Figure 2-3 illustrates this example: 

Figure 2-3 NFS Mount of Home Directories 

To Enable NFS Client Capability

1. In the /etc/rc.config.d/nfsconf file, make sure the
NFS_CLIENT variable is set to 1, as follows:

NFS_CLIENT=1

2. Run the NFS startup script by issuing the following command:

/sbin/init.d/nfs.client start

Setting the NFS_CLIENT variable to 1 causes the NFS startup script to
be run whenever you reboot your system.

The NFS startup script starts the necessary NFS client daemons and
mounts the remote directories configured in the /etc/fstab file.

To Verify Your NFS Client Configuration

• After you have configured the directories you want to mount and
enabled NFS client capability, issue the ls command in the local
directories you have configured as NFS mount points. If your NFS
client is working correctly, the ls command will list the contents of
mounted directories. If the local directories are empty, or if you get
error messages, see "Troubleshooting NFS Services" on page 173.

To Change the Default Mount Options

1. Include the NFS mount options in your /etc/fstab file or
automounter map as needed. Table 2-2 and Table 2-3 list the NFS
mount options.

2. If you changed the mount options in the automounter master map,
you must run the automount(1M) command, on each client that uses
the map, before your changes will take effect.

If you changed the mount options for a directory that is currently
mounted, you must unmount and remount it before your changes will
take effect. Issue the following commands:

/usr/sbin/umount local_directory
/usr/sbin/mount local_directory

Table 2-2 NFS Mount Options

rw (read/write) or ro (read-only) (default: rw)

Use rw for data that users need to modify. In order for you to mount a
directory read/write, the NFS server must export it read/write.

Use ro for data you do not want users to change. A directory that is
automounted from several servers should be read-only, to keep versions
identical on all servers.

suid or nosuid (default: suid)

Specify suid if you want to allow mounted programs that have setuid
permission to run with the permissions of their owners, regardless of
who starts them. If a program with setuid permission is owned by root,
it will run with root permissions, regardless of who starts it.

Specify nosuid to protect your system against setuid programs that
may run as root and damage your system.

hard or soft (default: hard)

Specify hard if users will be writing to the mounted directory or
running programs located in it. When NFS tries to access a
hard-mounted directory, it keeps trying until it succeeds or someone
interrupts its attempts. If the server goes down, any processes using
the mounted directory hang until the server comes back up and then
continue processing without errors. Interruptible hard mounts may be
interrupted with [CTRL]-C or kill (see the intr option, later).

Specify soft if the server is unreliable and you want to prevent
systems from hanging when the server is down. When NFS tries to
access a soft-mounted directory, it gives up and returns an error
message after trying retrans times (see the retrans option, later).
Any processes using the mounted directory will return errors if the
server goes down.

intr or nointr (default: intr)

Specify intr if users are not likely to damage critical data by manually
interrupting an NFS request. If a hard mount is interruptible, a user
may press [CTRL]-C or issue the kill command to interrupt an NFS
mount that is hanging indefinitely because a server is down.

Specify nointr if users might damage critical data by manually
interrupting an NFS request, and you would rather have the system
hang while the server is down than risk losing data between the client
and the server.

fg (foreground) or bg (background) (default: fg)

Specify fg for directories that are necessary for the client machine to
boot or operate correctly. If a foreground mount fails, it is retried again
in the foreground until it succeeds or is interrupted. All automounted
directories are mounted in the foreground; you cannot specify the bg
option with automounted directories.

Specify bg for mounting directories that are not necessary for the client
to boot or operate correctly. Background mounts that fail are retried in
the background, allowing the mount process to consider the mount
complete and go on to the next one. If you have two machines
configured to mount directories from each other, configure the mounts
on one of the machines as background mounts. That way, if both
systems try to boot at once, they will not become deadlocked, each
waiting to mount directories from the other. The bg option cannot be
used with automounted directories.

devs or nodevs (default: devs)

Specify devs if you are mounting device files from a server whose
device files will work correctly on the client. The devs option allows
you to use NFS-mounted device files to read and write to devices from
the NFS client. It is useful for maintaining a standard, centralized set
of device files, if all your systems are configured similarly.

Specify nodevs if device files mounted from a server will not work
correctly for reading and writing to devices on the NFS client. The
nodevs option generates an error if a process on the NFS client tries to
read or write to an NFS-mounted device file.

timeo=n (default=7)

The timeout, in tenths of a second, for NFS requests (read and write
requests to mounted directories). If an NFS request times out, this
timeout value is doubled, and the request is retransmitted. After the
NFS request has been retransmitted the number of times specified by
the retrans option (see below), a soft mount returns an error, and a
hard mount retries the request. The maximum timeo value is 30 (3
seconds).

Try doubling the timeo value if you see several "server not
responding" messages within a few minutes. This can happen because
you are mounting directories across a gateway, because your server is
slow, or because your network is busy with heavy traffic.

retrans=n (default=4)

The number of times an NFS request (a read or write request to a
mounted directory) is retransmitted after it times out. If the request
does not succeed after n retransmissions, a soft mount returns an error,
and a hard mount retries the request.

Increase the retrans value for a directory that is soft-mounted from a
server that has frequent, short periods of down time. This gives the
server sufficient time to recover, so the soft mount does not return an
error.

retry=n (default=1)

The number of times the NFS client attempts to mount a directory
after the first attempt fails. If you specify intr, you can interrupt the
mount before n retries. However, if you specify nointr, you must wait
until n retries have been made, until the mount succeeds, or until you
reboot the system.

If mounts are failing because your server is very busy, increasing the
retry value may fix the problem.

rsize=n (default=6192)

The number of bytes the NFS client requests from the NFS server in a
single read request.

If packets are being dropped between the client and the server,
decrease rsize to 4096 or 2048. To find out whether packets are being
dropped, issue the nfsstat -rc command at the HP-UX prompt. If
the timeout and retrans values returned by this command are high,
but the badxid number is close to zero, then packets are being dropped
somewhere in the network.

wsize=n (default=6192)

The number of bytes the NFS client sends to the NFS server in a single
write request.

If packets are being dropped between the client and the server,
decrease wsize to 4096 or 2048. To find out whether packets are being
dropped, issue the nfsstat -rc command at the HP-UX prompt. If
the timeout and retrans values returned by this command are high,
but the badxid number is close to zero, then packets are being dropped
somewhere in the network.

vers=n (default=3)

The version of the NFS protocol to use. By default, the local NFS client
will attempt to mount the filesystem using NFS version 3. If the NFS
server does not support version 3, the filesystem will be mounted using
version 2.

If you know that the NFS server does not support version 3, specify
vers=2, and you will save time during the mount, because the client
will not attempt to use version 3 before using version 2.

O (Overlay mount) (default: not specified)

Allows the file system to be mounted over an existing mount point,
making the underlying file system inaccessible. If you attempt to
mount a filesystem over an existing mount point without the -O option,
the mount will fail with the error "device busy".

Caution: Using the -O mount option can put your system in a confusing
state. The -O option allows you to hide local data under an NFS mount
point without receiving any warning. Local data hidden beneath an
NFS mount point will not be backed up during regular system backups.

On HP-UX, the -O option is valid only for NFS-mounted filesystems.
For this reason, if you specify the -O option, you must also specify the
-F nfs option to the mount command or the nfs filesystem type in the
/etc/fstab file.

remount (default: not specified)

If the file system is mounted read-only, this option remounts it
read/write. This allows you to change the access permissions from
read-only to read/write without forcing everyone to leave the mounted
directory or killing all processes using it.

grpid (default: not specified)

Forces a newly created file in the mounted filesystem to inherit the
group ID of the parent directory.

By default, a newly created file inherits the effective group ID of the
calling process, unless the GID bit is set on the parent directory. If the
GID bit is set, the new file inherits the group ID of the parent directory.
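
A check of the security-relevant defaults in Table 2-2, added here as an example (it is not part of the HP manual): the shell function below reads /etc/fstab-style lines and flags NFS entries that leave suid or devs in effect, or that combine soft with read/write access. The function names, the finding codes, and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit NFS entries in an /etc/fstab-style file against the
# option defaults listed in Table 2-2 (rw, suid, hard, devs).
# Function names, finding codes and the sample data are assumptions made
# for this example; they are not HP-UX commands.

# Reads fstab lines on stdin; prints "<mount_point> <CODE>" per finding.
#   SUID     nosuid not given, so setuid programs on the mount run with
#            the permissions of their owners (root, if owned by root)
#   DEVS     nodevs not given, so NFS-mounted device files can be used
#            to read and write devices on the client
#   SOFT_RW  writable soft mount; writers get errors when the server is
#            down (the manual advises hard for directories written to)
audit_nfs_fstab() {
    awk '
    /^[ \t]*#/ { next }                 # comment line
    NF < 4 || $3 != "nfs" { next }      # not an NFS entry
    {
        # Start from the documented defaults, then apply each option.
        suid = 1; devs = 1; soft = 0; ro = 0
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) {
            if      (opt[i] == "nosuid") suid = 0
            else if (opt[i] == "suid")   suid = 1
            else if (opt[i] == "nodevs") devs = 0
            else if (opt[i] == "devs")   devs = 1
            else if (opt[i] == "soft")   soft = 1
            else if (opt[i] == "hard")   soft = 0
            else if (opt[i] == "ro")     ro = 1
            else if (opt[i] == "rw")     ro = 0
        }
        if (suid)        print $2, "SUID"
        if (devs)        print $2, "DEVS"
        if (soft && !ro) print $2, "SOFT_RW"
    }'
}

# Constructed sample input, reusing the host names from the examples above.
sample_fstab() {
    cat <<'EOF'
# constructed sample, not a real /etc/fstab
/dev/vg00/lvol3 / hfs defaults 0 1
broccoli:/usr/share/man /usr/share/man nfs ro 0 0
broccoli:/home/broccoli /home/broccoli nfs nosuid 0 0
cauliflower:/home/cauliflower /home/cauliflower nfs rw,soft,nosuid,nodevs 0 0
EOF
}

# Run the audit over the sample; on a client, feed it /etc/fstab instead.
sample_fstab | audit_nfs_fstab
```

An entry that prints nothing has nosuid and nodevs set and is not a writable soft mount; whether a flagged default is acceptable depends on how far the client trusts the server.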


Several NFS mount options allow you to change the length of time file 
and directory attributes remain cached on the NFS client. By default, an 
NFS client caches certain attributes of files and directories, like their 
ownership, size, and modification time. If a user on an NFS client is 
making a series of changes to a file, the changes to the file's attributes 
are cached and modified locally on the client, and finally, the resulting 
attributes are sent to the server.

Table 2-3 NFS Caching Options

noac (default: not specified)

If specified, this option prevents the NFS client from caching attributes
for the mounted directory.

Specify noac for a directory that will be used frequently by many NFS
clients. The noac option ensures that the file and directory attributes on
the server are up to date, because no changes are cached on the clients.
However, if many NFS clients using the same NFS server all disable
attribute caching, the server may become overloaded with attribute
requests and updates. You can also use the actimeo option to set all the
caching timeouts to a small number of seconds, like 1 or 3.

If you specify noac, do not specify the other caching options.

nocto (default: not specified)

If specified, this option suppresses fresh attributes when opening a file.

Specify nocto for a file or directory that never changes, to decrease the
load on your network.

acdirmax=n (default=60)

The maximum number of seconds a directory's attributes are cached on
the NFS client. When this timeout period expires, the client flushes its
attribute cache, and if the attributes have changed, the client sends them
to the NFS server.

For a directory that rarely changes or that is owned and modified by only
one user, like a user's home directory, you can decrease the load on your
network by setting acdirmax=120 or higher.

acdirmin=n (default=30)

The minimum number of seconds a directory's attributes are cached on
the NFS client. If the directory is modified before this timeout expires,
the timeout period is extended by acdirmin seconds.

For a directory that rarely changes or that is owned and modified by only
one user, like a user's home directory, you can decrease the load on your
network by setting acdirmin=60 or higher.

acregmax=n (default=60)

The maximum number of seconds a file's attributes are cached on the
NFS client. When this timeout period expires, the client flushes its
attribute cache, and if the attributes have changed, the client sends them
to the NFS server.

For a file that rarely changes or that is owned and modified by only one
user, like a file in a user's home directory, you can decrease the load on
your network by setting acregmax=120 or higher.

acregmin=n (default=3)

The minimum number of seconds a file's attributes are cached on the
NFS client. If the file is modified before this timeout expires, the timeout
period is extended by acregmin seconds.

For a file that rarely changes or that is owned and modified by only one
user, like a file in a user's home directory, you can decrease the load on
your network by setting acdirmin=30 or higher.

actimeo=n (no default)

Setting actimeo to n seconds is equivalent to setting acdirmax,
acdirmin, acregmax, and acregmin to n seconds.

Set actimeo=1 or actimeo=3 for a directory that is used and modified
frequently by many NFS clients. This ensures that the file and directory
attributes are kept reasonably up to date, even if they are changed
frequently from various client locations.

Set actimeo=120 or higher for a directory that rarely or never changes.

If you set the actimeo value, do not set the acdirmax, acdirmin,
acregmax, or acregmin values.

To Ensure Data Integrity Between the Client and Server

• Make sure the directory is exported from the server with the
noasync option (the default). If the directory is exported with the
async option, the NFS server will acknowledge NFS writes before
writing data to disk. Changing an exported directory from async to
noasync degrades write performance for that directory.

• If users or applications will be writing to the NFS-mounted directory,
make sure it is mounted with the hard option (the default), rather
than the soft option.

• If you have a small number of NFS applications that require absolute
data integrity, add the O_SYNC flag to the open() calls in your
applications. When you open a file with the O_SYNC flag, a write()
call will not return until the write request has been sent to the NFS
server and acknowledged. The O_SYNC flag degrades write
performance for applications that use it.

• If you have a large number of NFS applications requiring absolute
data integrity, or if your entire installation needs a high degree of
data integrity, set the NUM_NFSIOD variable to 0 in the
/etc/rc.config.d/nfsconf file on each client, as follows,

NUM_NFSIOD=0

and issue the following commands to kill all the biod daemons (PID
is a process ID returned by the ps command):

/usr/bin/ps -ef | /usr/bin/grep biod
/usr/bin/kill PID PID ...

The biod daemons improve write performance by handling NFS
write requests from users and applications. After a write request is
passed to a biod daemon, control is returned to the user or
application. Running a client without biod daemons degrades write
performance for all users and applications on that client.

• If multiple NFS users will be writing to the same file, add the
lockf() call to your applications to lock the file so that only one user
may modify it at a time.

If multiple users on different NFS clients will be writing to the file,
you must also turn off attribute caching on those clients by mounting
the file with the noac option.

For more information, see the following man pages: mount(1M), open(2),
write(2), lockf(2), and biod(1M).

To Remove (Unmount) a Mounted Directory

1. On the NFS client, issue the following command to determine
whether the directory you want to unmount is currently in use:

/usr/sbin/fuser -cu local_mount_point

This command lists the process IDs and user names of everyone using
the mounted directory.

2. Warn any users to cd out of the directory, and kill any processes that
are using the directory, or wait until the processes terminate. You can
use the following command to kill all processes using the mounted
directory:

/usr/sbin/fuser -ck local_mount_point

3. If you want to remove the mounted directory permanently, use an
editor to remove the appropriate line in the /etc/fstab file.

If you want to remove the mounted directory temporarily, leave the
line in /etc/fstab, and the directory will be mounted again when
you reboot your system or run the NFS startup script.

4. Issue the following command at the HP-UX prompt:

/usr/sbin/umount local_mount_point

If any user or process is using the remote directory, NFS cannot
unmount it and will issue an error message.

For more information, type man 1m mount or man 1m fuser at the
HP-UX prompt.

To Disable NFS Client Capability

1. On the NFS client, issue the mount(1M) command with no options, to
get a list of all the mounted file systems on the client:

/usr/sbin/mount

2. For every NFS-mounted directory listed by the mount command,
issue the following command to determine whether the directory is
currently in use:

/usr/sbin/fuser -cu local_mount_point

This command lists the process IDs and user names of everyone using
the mounted directory.

3. Warn any users to cd out of the directory, and kill any processes that
are using the directory, or wait until the processes terminate. You can
use the following command to kill all processes using the mounted
directory:

/usr/sbin/fuser -ck local_mount_point

4. Issue the following command on the client to unmount all
NFS-mounted directories:

/usr/sbin/umount -at nfs

5. Edit the /etc/rc.config.d/nfsconf file on the client to set the
NFS_CLIENT and AUTOMOUNT variables to 0. This prevents the client
processes from starting up again when you reboot the client.

NFS_CLIENT=0

AUTOMOUNT=0

6. Issue the following command to disable NFS client capability:

/sbin/init.d/nfs.client stop

For more information, type man 1m mount or man 1m fuser at the
HP-UX prompt.

Configuring and Administering AutoFS

This section tells you how to configure AutoFS. AutoFS mounts
directories automatically when users or processes request access to
them, and it unmounts them automatically after they have been idle for
a period of time (five minutes, by default). Following are the tasks
involved in configuring AutoFS. Tasks 3 and 16 alone will get AutoFS up
and running on your system.

Before configuring AutoFS, see "To Decide Between Standard-Mounted
and Automounted Directories" on page 34.

1. To Migrate from the Automounter to AutoFS

2. To Understand How AutoFS Works

3. To Automount All Exported Directories from Any Host Using the
-hosts Map

4. To Decide Between Direct and Indirect NFS Automounts

5. To Mount a Remote Directory Using a Direct Automounter Map

6. To Mount a Remote Directory Using an Indirect Automounter Map

7. To Configure Multiple (Replicated) Servers for an Automounted
Directory

8. To Use Environment Variables as Shortcuts in Automounter Maps

9. To Use Wildcard Characters as Shortcuts in Automounter Maps

10. To Automount Users' Home Directories

11. To Automount Multiple Directories Simultaneously (Hierarchical
Mounts)

12. To Automount a Directory Using CacheFS

13. To Include an Automounter Map in Another Automounter Map

14. To Create a Hierarchy of Automounter Maps

15. To Turn Off an Automounter Map with the -null Map

16. To Enable AutoFS

17. To Disable AutoFS

18. To Verify Your AutoFS Configuration

19. To Modify or Remove (Unmount) an Automounted Directory

This section tells you how to perform these tasks, by editing files and
issuing HP-UX commands. However, Hewlett-Packard recommends that
you use SAM to configure and administer AutoFS. SAM (System
Administration Manager) is Hewlett-Packard's windows-based user
interface for performing system administration tasks. To run SAM, type
sam at the HP-UX prompt. SAM has an extensive online help facility.

NOTE SAM does not support specifying maps or directories on the automount
command line. SAM finds AutoFS maps only if they are listed in the
master map. SAM recognizes automounted directories only if they are
listed in an AutoFS map.

To Migrate from the Automounter to AutoFS

The 10.20 ACE and HWE replace the old automounter with AutoFS,
which has the following advantages over the old automounter:

• AutoFS can be used to mount any type of file system, including NFS
Protocol Version 3. (The old automounter can be used only for NFS
PV2.)

• With AutoFS the configured mount points are the actual mount
points. (The old automounter mounted directories under /tmp_mnt
and created symbolic links from the configured mount points to the
actual ones under /tmp_mnt.)

• You do not have to stop AutoFS to change your automounter maps.
The AutoFS daemon, automountd, runs continuously. When you
make a change to an automounter map, you run the automount
command, which reads the maps and then exits. (The old
automounter had to be killed and restarted whenever you made a
change to an automounter map.)

If you were using the automounter before you installed the 10.20 ACE or
HWE, you must perform the following tasks to migrate your
automounter configuration to AutoFS:

1. Move the /etc/rc.config.d/nfsconf file to
/etc/rc.config.d.nfsconf.old.

2. Copy the /usr/newconfig/etc/rc.config.d/nfsconf file to
/etc/rc.config.d/nfsconf.

3. Copy any options you had specified in the AUTO_OPTIONS variable to
either the AUTOMOUNT_OPTIONS or the AUTOMOUNTD_OPTIONS
variable. Remove obsolete options.

The old automount daemon is replaced by the automount(1M)
command and the automountd(1M) daemon. Each has its own set of
options. Table 2-4 lists the options to the old automount command
and the equivalent AutoFS command options. It also indicates which
automount options are obsolete with AutoFS.

Table 2-4 Old Automount Command-Line Options Used By AutoFS

Old automount Option   Equivalent AutoFS Command Option   Purpose

-D variable=value      automountd -D variable=value       Assign value to environment variable
-f master_file         automount -f master_file           Use master_file as local master map.
-M mount_directory     Obsolete with AutoFS.              Automount directories under mount_directory instead of /tmp_mnt.
-m                     Obsolete with AutoFS.              Ignore NIS auto.master map.
-n                     Obsolete with AutoFS.              Allow automounts only of previously mounted target filesystems.
-T                     automountd -T                      Enable automount tracing.
-tl duration           automount -t duration              Specify time before unmounting idle directories.
-tm interval           Obsolete with AutoFS.              Specify interval between mount attempts.
-tw interval           Obsolete with AutoFS.              Specify interval between unmount attempts.
-v                     automount -v                       Verbose mode.
                       automountd -v


4. Modify any scripts you have that kill and restart automount. The
new AutoFS daemon, automountd, rarely needs to be restarted. If
you need to make changes to your automounter maps, just run the
automount program after modifying the maps. It is not a daemon,
like the old automount process; it is a program that runs once to read
the maps and then terminates.

For more information, see the automount(1M) or automountd(1M) man
page.
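Step 3 carried out mechanically, as an added example that is not part of the HP manual: the function splits an old AUTO_OPTIONS value into the two AutoFS variables following Table 2-4 and reports the obsolete options it dropped. The function name, the result keys and the sample value in the comment are assumptions made for illustration.

```python
import shlex

# Table 2-4 as data: old option -> (takes an argument, AutoFS programs that
# accept it). An empty tuple means the option is obsolete with AutoFS.
OLD_OPTIONS = {
    "-D":  (True,  ("automountd",)),
    "-f":  (True,  ("automount",)),
    "-M":  (True,  ()),
    "-m":  (False, ()),
    "-n":  (False, ()),
    "-T":  (False, ("automountd",)),
    "-tl": (True,  ("automount",)),
    "-tm": (True,  ()),
    "-tw": (True,  ()),
    "-v":  (False, ("automount", "automountd")),
}
# The idle timeout keeps its meaning but is spelled -t for automount.
RENAMED = {"-tl": "-t"}


def migrate_auto_options(old_value):
    """Split an old AUTO_OPTIONS string into the two AutoFS variables."""
    new = {"automount": [], "automountd": []}
    obsolete, unknown = [], []
    tokens = shlex.split(old_value)
    i = 0
    while i < len(tokens):
        opt = tokens[i]
        i += 1
        if opt not in OLD_OPTIONS:
            # Not in Table 2-4: leave it for a person to decide.
            unknown.append(opt)
            continue
        takes_arg, targets = OLD_OPTIONS[opt]
        words = [RENAMED.get(opt, opt)]
        if takes_arg:
            if i >= len(tokens):
                raise ValueError("option %s needs an argument" % opt)
            words.append(tokens[i])
            i += 1
        if not targets:
            obsolete.append(" ".join([opt] + words[1:]))
            continue
        for target in targets:
            new[target].extend(words)
    return {
        "AUTOMOUNT_OPTIONS": " ".join(shlex.quote(w) for w in new["automount"]),
        "AUTOMOUNTD_OPTIONS": " ".join(shlex.quote(w) for w in new["automountd"]),
        "obsolete": obsolete,
        "unknown": unknown,
    }


if __name__ == "__main__":
    # Constructed sample value, not taken from a real nfsconf file.
    print(migrate_auto_options("-tl 600 -v -m -D HOST=basil -tw 120"))
```

Anything returned under "unknown" was not in Table 2-4 and should be checked against the old automount man page before the old file is discarded.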
To Understand How AutoFS Works

AutoFS consists of the following components:

1. The automount command, for reading automounter maps into
memory.

2. The AutoFS file system.

3. The automountd daemon, which automounts file systems when they
are requested by users.

The automount command is invoked at system startup. It reads the
automounter master map to create the initial set of AutoFS mount
points in the internal mount table, /etc/mnttab. The automounted file
systems are not automatically mounted at startup. They are points
under which file systems will be mounted later, when users request
access to them.

When AutoFS receives a request to mount a file system that is not
currently mounted, it calls the automountd daemon, which actually
mounts the requested file system. Once the file system is mounted,
further access does not require any action from the automountd
daemon. Unlike the old automounter, AutoFS mounts file systems at the
configured mount points. It does not maintain its own directory of mount
points with symbolic links into it the way the old automounter does.

The automountd daemon is completely independent from the
automount command. Because of this separation, it is possible to add,
delete, or change automounter map information without having to stop
and restart the automountd daemon.

After system startup, when the AutoFS mount points are set up, you can
modify the set of mount points by modifying the automounter maps and
running the automount command to read them and modify the mount
table accordingly. You do not have to stop and restart AutoFS.

If an automounted file system has been idle for 5 minutes, AutoFS
unmounts it.

For more information on AutoFS, type man 1M automount or man 1M
automountd at the HP-UX prompt.

To Automount All Exported Directories from
Any Host Using the -hosts Map

1. If you are using local files for your automounter maps, use an editor
to add the following line to the automounter master map file,
/etc/auto_master:

/net -hosts nosuid

If you are using NIS to manage your automounter maps, add the line
to the master map file on the NIS master server, and then issue the
following commands to rebuild the map and push it out to slave
servers:

cd /var/yp
/usr/ccs/bin/make auto_master

2. On each host that will use the map you have just modified, issue the
following command to force AutoFS to read the modified map:

/usr/sbin/automount

The local mount point (/net) should not exist.

You must enable AutoFS before any directories can be automounted. See
"To Enable AutoFS" on page 80.

The -hosts map is a "built-in" automounter map; you do not have to
create it. The -hosts map causes AutoFS to mount all the exported
directories from any NFS server on the network whenever a user or
process requests access to one of the exported directories from that
server.


CAUTION  Because the -hosts map allows NFS access to any reachable remote
system, a user may inadvertently cause an NFS mount over X.25 or
SLIP, which is unsupported, or through a slow router or gateway. Mounts
over slow links may cause excessive retransmissions and degrade
performance for all users.


When a user or process requests a directory from an NFS server, AutoFS
creates a subdirectory, named after the NFS server, under the local
mount point you configured in the automounter master map. (The
conventional mount point for the -hosts map is /net.) Then AutoFS
mounts all the exported directories from that server under the
subdirectory it created. Directories will stay mounted until they are left
idle for five minutes. The five minute default can be changed by adding
the -t duration option to the AUTOMOUNT_OPTIONS variable in the
/etc/rc.config.d/nfsconf file.

For example, if server sage exports /opt and /apps, and a user on your 
NFS client types the following command, 

cd /net/sage/opt/frame 

the subdirectory /sage is created under /net, and /opt and /apps are 
mounted under /sage. Figure 2-4 shows the automounted file structure 
after the user's command. 

Figure 2-4   Automounted Directories from -hosts Map—One Server

/net
    /sage
        /opt
        /apps

If server thyme exports the directory /exports/proj1, and a user
types the following command,

more /net/thyme/exports/proj1/readme

the subdirectory /thyme is created under /net, and /exports/proj1
is mounted under /thyme. Figure 2-5 shows the automounted directory
structure after the second user's command.

Figure 2-5   Automounted Directories from -hosts Map—Two Servers

/net
    /sage
        /opt
        /apps
    /thyme
        /exports
            /proj1

The -hosts map is an indirect map. It uses the hosts database (the
/etc/hosts file, the NIS hosts map, or BIND [DNS]) to find a host on
the network. The Name Service Switch configuration determines which
name services will be searched for host information. See "Configuring the
Name Service Switch" on page 153.

To Decide Between Direct and Indirect NFS
Automounts

• Before you automount a remote directory, decide whether you want to
use a direct or indirect automounter map. Table 2-5 lists the
advantages and disadvantages of each type of map.

In general, an indirect map is better than a direct map, because it is
easier to modify while AutoFS is running, and because it does not cause
"mount storms" in directories with many automount points.

However, if your automounted directory must share the same parent
directory with local or standard-mounted directories, or if users must
always get a complete list of available files and directories when they
issue the ls command, you should choose a direct map.

Table 2-5 lists the advantages and disadvantages of direct and indirect
automounter maps.


Table 2-5   Direct vs. Indirect Automounter Map Types

Direct Map                                      Indirect Map
----------------------------------------------  --------------------------------------------
Advantage: A user can see the contents of a     Disadvantage: If a user types ls to see
direct-mounted directory with the ls command.   the contents of an indirect-mounted
If the contents are not currently mounted, ls   directory, it appears empty unless its
causes them to be mounted.                      subdirectories are currently mounted.
                                                The user must cd to a subdirectory or
                                                type ls subdirectory to cause it to be
                                                mounted.

Advantage: Direct-mounted automounted           Disadvantage: An indirect map hides any
directories can share the same parent           local, standard-mounted, or
directory with local or standard-mounted files  direct-mounted files or directories
and directories.                                underneath the mount point for the map.

Disadvantage: If you add or remove mounts in    Advantage: If you modify an indirect map,
a direct map, or if you change the local mount  AutoFS will see the changes the next time
point for an existing mount in a direct map,    it mounts the directory, so you don't have
you have to force AutoFS to reread its maps or  to force AutoFS to reread its maps.
reboot your system before AutoFS sees the
changes you made.

Disadvantage: When a user or program            Advantage: When a user or program
accesses a directory containing many direct     accesses a directory containing many
mount points, all the directories are mounted,  indirect mount points, only directories
whether they are needed or not. This can        that are already mounted appear.
cause a flurry of mount activity.

Disadvantage: When automount reads a            Advantage: When automount reads an
direct map, it creates an entry for each        indirect map, it creates only one entry for
automounted directory in the internal mount     the entire map in the internal mount
table, /etc/mnttab. This can cause the          table, /etc/mnttab. Additional entries
mount table to become very large.               are created as directories are actually
                                                mounted. The mount table takes up no
                                                more space than necessary, because only
                                                mounted directories appear in it.


How AutoFS Sets Up Direct and Indirect Mounts 

The automounts configured in a direct map may be mounted in various 
places in the local filesystem; they do not have to be located under the 
same parent directory. 

The automounts configured in an indirect map are all mounted under the 
same local parent directory. 

Figure 2-6 shows the difference between direct mounts and indirect 
mounts on an NFS client. 


Figure 2-6   The Difference Between Direct Mounts and Indirect Mounts

[Figure panels: mounts in a direct map; mounts in an indirect map]

To Mount a Remote Directory Using a Direct
Automounter Map

1. If you are using local files for your automounter maps, use an editor
to open or create a direct map in the /etc directory. The direct map is
commonly called /etc/auto_direct. Add a line to the direct map
with the following syntax:

local_directory [mount_options] server:remote_directory

If you are using NIS to manage your automounter maps, add the line
to the direct map on the NIS master server.

2. If you are using local files for your automounter maps, use an editor
to open or create the automounter master map in the /etc directory.
The master map should be called /etc/auto_master. If you are
using NIS, open the master map on the NIS master server.

If the direct map you just modified is not listed in the automounter
master map, add the following line to the master map:

/- direct_map_name [mount_options]

3. If you are using NIS to manage your automounter maps, issue the
following commands on the NIS master server to rebuild the maps
and push them to the slave servers:

cd /var/yp
/usr/ccs/bin/make auto_master auto_direct

4. On each host that will use the map you have just modified, issue the
following command to force AutoFS to read the modified map:

/usr/sbin/automount

The local directory you configure as the mount point should be empty or
non-existent. AutoFS will create any non-existent directories between
the root directory and the configured mount point. If the local directory
you configure is not empty, any local files or directories in it will be
hidden and inaccessible while the remote directory is mounted over it.

Do not automount a remote directory on a local directory that is a
symbolic link.

If you are using NIS to manage your automounter maps, make sure the
local mount point is different from the exported directory on the server. If
they are the same, the server may attempt to mount its exported
directory over itself, and the directory will become unavailable.

The mount options are the same ones used for standard NFS-mounted
directories. See "To Change the Default Mount Options" on page 40 for a
list of mount options. The bg option cannot be used for an automounted
directory. The mount options configured in the direct map override the
ones in the master map if there is a conflict.

You can configure all your direct automounts in the same map. Many
people use the file name /etc/auto_direct for their direct map. If you
plan to use NIS to manage your automounter maps, you can have only
one direct map in your configuration. If you plan to use NIS to manage
your automounter maps, and your file system does not allow file names
longer than 14 characters, keep the map name to 10 characters or fewer.

If the direct map name in the automounter master map contains a slash
(/), AutoFS assumes it is a local file. If it does not contain a slash, AutoFS
uses the Name Service Switch to determine whether it is a file or an NIS
map. See "Configuring the Name Service Switch" on page 153.

Before you can mount a remote directory on your system, the remote
system where the directory is located must be configured as an NFS
server and must export the directory.

You must enable AutoFS before any directories can be automounted. See
"To Enable AutoFS" on page 80.

Automounted directories stay mounted until they are left idle for five
minutes. The five minute default can be changed by adding the
-t duration option to the AUTOMOUNT_OPTIONS variable in the
/etc/rc.config.d/nfsconf file.

If you change the mount options, the remote server name, or the remote
directory name for an existing direct mount while AutoFS is running, the
changes you made will take effect the next time the directory is mounted.
However, if you change the local directory name in the direct map, or if
you change the master map, these changes will not take effect until you
issue the automount command to force AutoFS to reread its maps.

You can list executable automounter maps in the master map, or include
them in local automounter map files. Executable automounter maps
return a map entry on standard output when automountd supplies
them with a key to look up. If they cannot supply a map entry for the key,
they should return nothing. AutoFS determines whether a map is
executable by checking whether the execute bit is set in its permissions
string. If a map is not executable, make sure its execute bit is not set.

Automounted directories in the /etc/mnttab file contain the keyword
ignore to prevent them from being mounted at boot time.

For more information on AutoFS configuration, type man 1M
automount at the HP-UX prompt.

Example File Entries for Direct Automounts

Following are example lines from an automounter direct map on NFS
client sage. The sharp sign (#) indicates a comment line.

# /etc/auto_direct file
# local mount point     mount options   remote server:directory
/auto/project/specs     -nosuid         thyme:/export/project/specs
/auto/project/budget    -nosuid         basil:/export/FY94/proj1

Following are example lines from the automounter master map on NFS
client sage.

# /etc/auto_master file
# local mount point     map name            mount options
/-                      /etc/auto_direct

Figure 2-7 illustrates how AutoFS sets up the direct mounts for this
configuration.

Figure 2-7   Example of Direct Mounts

[Figure panels: NFS server "basil"; NFS server "thyme"; NFS client "sage"]

To Mount a Remote Directory Using an
Indirect Automounter Map

1. If you are using local files for your automounter maps, use an editor
to open or create an indirect map in the /etc directory. Add a line
with the following syntax to the indirect map:

local_subdirectory [mount_options] server:remote_directory

If you are using NIS to manage your automounter maps, add the line
to an indirect map on the NIS master server.

2. If you are using local files for your automounter maps, use an editor
to open or create the automounter master map in the /etc directory.
The master map should be called /etc/auto_master. If you are
using NIS, open the master map on the NIS master server.

If the indirect map you just modified is not listed in the automounter
master map, add the following line to the master map:

local_parent_directory indirect_map_name [mount_options]

3. If you are using NIS to manage your automounter maps, issue the
following commands on the NIS master server to rebuild the maps
and push them to the slave servers:

cd /var/yp
/usr/ccs/bin/make auto_master indirect_map_name

4. If you modified the automounter master map, issue the following
command on each host that will use the map, to force AutoFS to read
the modified master map:

/usr/sbin/automount

The local_subdirectory specified in the indirect map is the deepest
subdirectory in the local directory pathname. For example, if you were
mounting a remote directory on /nfs/apps/draw, the
local_subdirectory specified in the indirect map would be draw.

The local_parent_directory specified in the master map is all but the
deepest subdirectory in the local directory pathname. For example, if you
were mounting a remote directory on /nfs/apps/draw, the
local_parent_directory specified in the master map would be /nfs/apps.

The local_parent_directory and local_subdirectory should not exist;
AutoFS will create them when it mounts the remote directory. If the
local_parent_directory or local_subdirectory contains files or directories,
they will be hidden beneath the remote directory when it is mounted.

CAUTION  The local_subdirectory and local_parent_directory must not be symbolic
links.

If you are using NIS to manage your automounter maps, make sure the
local mount point is different from the exported directory on the server. If
they are the same, the server may attempt to mount its exported
directory over itself, and the directory will become unavailable.

The mount options are the same ones used for standard NFS-mounted
directories. See "To Change the Default Mount Options" on page 40 for a
list of mount options. The bg option cannot be used for an automounted
directory. The mount options configured in the indirect map override the
ones in the master map if there is a conflict.

You can configure indirect automounts in the same indirect map only if
their local_parent_directory, as specified in the automounter master
map, is the same. For example, indirect mounts with the local mount
points /nfs/apps/draw and /nfs/apps/word could be configured in
the same indirect map.

Indirect maps are usually called /etc/auto_name where name is
something that helps you remember what is configured in the map. If
you plan to use NIS to manage your automounter maps, and if your file
system does not support file names longer than 14 characters, keep your
indirect map names to 10 characters or fewer.

If the indirect map name in the automounter master map contains a
slash (/), AutoFS assumes it is a local file. If it does not contain a slash,
AutoFS uses the Name Service Switch to determine whether it is a file or
an NIS map. See "Configuring the Name Service Switch" on page 153.

Before you can mount a remote directory on your system, the remote
system where the directory is located must be configured as an NFS
server and must export the directory.

Automounted directories stay mounted until they are left idle for five
minutes. The five minute default can be changed by adding the
-t duration option to the AUTOMOUNT_OPTIONS variable in the
/etc/rc.config.d/nfsconf file.

You must enable AutoFS before any directories can be automounted. See
"To Enable AutoFS" on page 80.

If AutoFS is already running when you add an indirect mount to your
configuration, you do not have to run the automount command unless
you change the master map. Any changes you make to an existing
indirect map will take effect the next time AutoFS mounts the directory.
However, changes to the master map will not take effect until you issue
the automount command to force AutoFS to reread its maps.

You can list executable automounter maps in the master map, or include 
them in local automounter map files. Executable automounter maps 
return a map entry on standard output when automountd supplies 
them with a key to look up. If they cannot supply a map entry for the key, 
they should return nothing. AutoFS determines whether a map is 
executable by checking whether the execute bit is set in its permissions 
string. If a map is not executable, make sure its execute bit is not set. 
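Because automountd runs any map whose execute bit is set, the mode of each map file decides whether it is read as data or executed as a program. The audit below is an added example, not part of the HP manual: it reads a master map, checks every local map file named in it, and flags a map with the execute bit set that has no interpreter line and a map that is writable by group or other. The finding names and the "#!" test are assumptions; the "#!" test is a heuristic that does not recognise compiled programs.

```python
import os
import stat
import tempfile


def master_map_entries(path):
    """Yield (mount_point, map_name) pairs from a master map file."""
    with open(path) as fh:
        for raw in fh:
            fields = raw.split("#", 1)[0].split()
            if len(fields) >= 2:
                yield fields[0], fields[1]


def audit_map_files(master_path):
    """Return (map_file, finding) pairs for local maps in the master map."""
    findings = []
    for _mount_point, map_name in master_map_entries(master_path):
        # -hosts is built in, and a name without a slash is resolved through
        # the Name Service Switch, so there is no local file to inspect.
        if map_name.startswith("-") or "/" not in map_name:
            continue
        try:
            mode = os.stat(map_name).st_mode
        except OSError:
            findings.append((map_name, "missing"))
            continue
        if mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
            # AutoFS will execute this file instead of reading it.
            with open(map_name, "rb") as fh:
                if fh.read(2) != b"#!":
                    findings.append(
                        (map_name, "execute-bit-without-interpreter-line"))
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            # Whoever can edit a map controls what is mounted or run.
            findings.append((map_name, "writable-by-group-or-other"))
    return findings


def demo():
    """Audit constructed map files built in a temporary directory."""
    samples = {
        "auto_direct": ("/auto/project/specs -nosuid "
                        "thyme:/export/project/specs\n", 0o644),
        # A static map that was left executable by mistake.
        "auto_desktop": ("draw -nosuid thyme:/export/apps/draw\n", 0o755),
        # A hypothetical executable map; the body is irrelevant here.
        "auto_exec": ("#!/bin/sh\n", 0o755),
    }
    with tempfile.TemporaryDirectory() as d:
        for name, (text, mode) in samples.items():
            path = os.path.join(d, name)
            with open(path, "w") as fh:
                fh.write(text)
            os.chmod(path, mode)
        master = os.path.join(d, "auto_master")
        with open(master, "w") as fh:
            fh.write("/- %s/auto_direct\n/nfs/desktop %s/auto_desktop\n"
                     "/nfs/dyn %s/auto_exec\n/net -hosts nosuid\n" % (d, d, d))
        return [(os.path.basename(p), f) for p, f in audit_map_files(master)]


if __name__ == "__main__":
    print(demo())
```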

Automounted directories in the /etc/mnttab file contain the keyword 
ignore to prevent them from being mounted at boot time. 

For more information on AutoFS configuration, type man 1M
automount at the HP-UX prompt.

Example File Entries for Indirect Automounts 

Following are example lines from an automounter indirect map on NFS
client sage. The sharp sign (#) indicates a comment. Everything from
the sharp sign to the end of the line is ignored by AutoFS.

# /etc/auto_desktop file
# local mount point   mount options   remote server:directory
draw                  -nosuid         thyme:/export/apps/draw
write                 -nosuid         basil:/export/write

Following are example lines from the automounter master map on NFS
client sage. The master map also includes an entry for the direct map
/etc/auto_direct.

# /etc/auto_master file
# local mount point   map name            mount options
/-                    /etc/auto_direct
/nfs/desktop          /etc/auto_desktop

Figure 2-8 illustrates how AutoFS sets up the indirect mounts for this
configuration.

Figure 2-8   How AutoFS Sets Up Indirect Mounts

[Figure panels: NFS server "basil"; NFS server "thyme"; NFS client "sage"]

To Configure Multiple (Replicated) Servers for
an Automounted Directory

1. Follow the instructions in "To Mount a Remote Directory Using a
Direct Automounter Map" on page 60 or "To Mount a Remote
Directory Using an Indirect Automounter Map" on page 64.

2. In the direct or indirect map, modify the line that mounts the remote
directory so that multiple servers are listed.

• If the remote directory has a different name on the different
servers, use a syntax like the following example from a direct map:

/nfs/proj2/schedule -ro broccoli:/export/proj2/schedule \
    cauliflower:/proj2/FY94/schedule

AutoFS reads this entry as one line. The line has been broken for
readability, and the backslash (\) tells AutoFS that the line
continues after the line break.

• If the remote directory has the same name on every server, use a
syntax like the following example from an indirect map:

man -ro broccoli,cabbage,cauliflower:/usr/share/man

• You can assign weights to the various servers, by specifying a
number in parentheses after each server name. The lower the
weight number, the more likely the server is to be selected.

man -ro broccoli(1),cabbage(2),cauliflower(3):/usr/share/man

Servers with no weight specified have a default weight of zero
(most likely to be selected).

Server proximity is more important than the weights you assign.
A server on the same network segment as the client is more likely
to be selected than a server on another network segment,
regardless of the weights you assign.

Directories with multiple servers should be mounted read-only to ensure
that the versions remain the same on all the servers.

When a user requests access to a directory with multiple servers
configured, AutoFS polls all the servers simultaneously and mounts the
directory from the server that responds first. Multiple servers give users
reliable access to a mounted directory, because if one server is down, the
directory can be mounted from another. Also, multiple servers provide
some load balancing across the network; a server that is not busy will
respond more quickly to AutoFS's poll than one that is heavily loaded, so
the directory will be mounted from the server that is not busy.

If you configure multiple servers on both sides of a gateway, a server on 
the same side of the gateway as the NFS client will always be used, 
because it will always respond to the client's poll before the servers on 
the other side of the gateway. 
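A check for replicated entries, as an added example that is not part of the HP manual: it parses the server list and weights of one map entry, rejects malformed weights, and flags an entry that lists several servers without the ro option. The function names are assumptions, and the returned order reflects weights only; as stated above, proximity and response time take precedence on a real client.

```python
import re

# A server name with an optional weight in parentheses, e.g. cabbage(2).
_SERVER = re.compile(r"^([A-Za-z0-9_.-]+)(?:\((\d+)\))?$")


def parse_replicated_entry(entry):
    """Parse one map entry into (name, options, replicas).

    replicas is a list of (server, weight, remote_directory) tuples in the
    order they appear in the entry.
    """
    # A backslash at the end of a line continues the entry.
    fields = entry.replace("\\\n", " ").split()
    name, options, replicas = fields[0], [], []
    for field in fields[1:]:
        if field.startswith("-"):
            options.extend(field[1:].split(","))
            continue
        servers, sep, path = field.partition(":")
        if not sep or not path:
            raise ValueError("not a server:directory location: %r" % field)
        for item in servers.split(","):
            match = _SERVER.match(item)
            if match is None:
                raise ValueError("bad server name or weight: %r" % item)
            # Servers with no weight specified default to weight zero.
            replicas.append((match.group(1), int(match.group(2) or 0), path))
    return name, options, replicas


def check_replicated_entry(entry):
    """Return the weight-based preference order and any findings."""
    name, options, replicas = parse_replicated_entry(entry)
    findings = []
    if len(replicas) > 1 and "ro" not in options:
        findings.append("multiple servers but not mounted read-only")
    # Stable sort: lower weight first, file order kept among equal weights.
    preferred = sorted(replicas, key=lambda replica: replica[1])
    return {
        "name": name,
        "preference": [server for server, _weight, _path in preferred],
        "findings": findings,
    }


if __name__ == "__main__":
    # Constructed entries modelled on the examples in this section.
    print(check_replicated_entry(
        "man -ro broccoli(3),cabbage(1),cauliflower:/usr/share/man"))
    print(check_replicated_entry(
        "/nfs/proj2/schedule broccoli:/export/proj2/schedule \\\n"
        "    cauliflower:/proj2/FY94/schedule"))
```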
To Use Environment Variables as Shortcuts in
Automounter Maps

1. Use an environment variable anywhere in a direct or indirect
automounter map except the first field, which specifies the local
mount point. An environment variable must be preceded by a dollar
sign ($) or enclosed in curly braces {}. The following direct map uses
a variable called HOST:

/private_files sage:/export/private_files/$HOST

2. Add the -D option to the AUTOMOUNTD_OPTIONS variable in the
/etc/rc.config.d/nfsconf file to assign a value to the variable,
as in the following example:

AUTOMOUNTD_OPTIONS="-D HOST=`hostname`"

The example shown above assumes that NFS server sage has
subdirectories in its /export/private_files directory that are
named after the hosts in its network. Every host in the network can use
the same automounter map and the same AUTOMOUNTD_OPTIONS
definition to mount its private files from server sage.

For example, when AutoFS starts up on host basil, it assigns the value
basil to the HOST variable. Then, when someone requests access to the
local /private_files directory on basil, AutoFS mounts
/export/private_files/basil from server sage.

Any environment variable that is set to a value may be used in an
automounter map. If you do not set the variable with the -D option in
/etc/rc.config.d/nfsconf, AutoFS uses the current value of the
environment variable on the local host.

You cannot use environment variables in the automounter master map.

To Use Wildcard Characters as Shortcuts in
Automounter Maps

1. Use the asterisk (*) in an indirect map as a wildcard character to
represent the local subdirectory, when you want the local
subdirectory to be the same as the remote system name or the remote
subdirectory.

2. Use the ampersand (&) in a direct or indirect map as the remote
system name or the remote subdirectory. Whatever is in the local
directory name field will replace the ampersand. If you have used an
asterisk to represent the local subdirectory, whatever replaces the
asterisk (*) in the local subdirectory field also replaces the ampersand
(&) in the remote system name or remote subdirectory field.

You cannot use the asterisk (*) wildcard in a direct map.

The following example automounts users' home directories. The home
directories are physically located on NFS server basil, under the
remote directory /export/home. On the local NFS client, the home
directories will be mounted under /home.

Following is the line from the automounter master map
/etc/auto_master that lists the indirect map /etc/auto_home.

# /etc/auto_master file
# local mount point   map name         mount options
/home                 /etc/auto_home   nosuid

Following is the line from the automounter indirect map
/etc/auto_home that mounts users' home directories on demand.

# /etc/auto_home file
# local mount point   mount options   remote server:directory
*                                     basil:/export/home/&

A user's home directory is configured in the /etc/passwd file as
/home/username. For example, the home directory of user terry is
/home/terry. When Terry logs in, AutoFS looks in the
/etc/auto_home map and substitutes terry for both the asterisk and
the ampersand. AutoFS then mounts Terry's home directory from
/export/home/terry on server basil to /home/terry on the local
NFS client.

The ampersand character can be used to represent both the remote
server and the remote subdirectory, in the same line of the indirect map.
For example, if users' home directories are physically located on many
different servers, but the directory under which the home directories are
located is called /export/home/servername on all the servers, the
following line in the /etc/auto_home map will mount all users' home
directories from any server:

* &:/export/home/&

If the home directory of user terry is configured in the /etc/passwd
file as /home/basil/terry, when Terry logs in, AutoFS will mount the
remote directory /export/home/basil from server basil on the local
directory /home/basil.

The line with the asterisk and ampersand should be the last line in an
indirect map. AutoFS reads the lines in the indirect map sequentially
until it finds a match for the requested local subdirectory. The asterisk
(*) matches any subdirectory, so AutoFS stops reading at the line with
the asterisk, because it has found a match. Any lines after the asterisk
are never read.

For example, if the /etc/auto_home map contains the following lines,

* basil:/export/home/&
charlie thyme:/export/home/charlie

AutoFS attempts to mount /export/home/charlie from host basil.
The asterisk is a match for charlie, so AutoFS looks no further and
never reads the second line. However, if the /etc/auto_home map
contains the following lines,

charlie thyme:/export/home/charlie
* basil:/export/home/&

AutoFS will mount Charlie's home directory from host thyme and
everyone else's home directory from host basil.

For more information on AutoFS configuration, type man 1M
automount at the HP-UX prompt.
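The first-match rule and the ampersand substitution described in this section, written out as an added example that is not part of the HP manual. It resolves a key against an indirect map in file order, reports entries that can never be reached because they follow the asterisk line, and flags an entry whose server name is taken from the requested key, since the name a user types then selects which NFS server is contacted. Function names and finding names are assumptions, and hierarchical entries are not modelled.

```python
def load_indirect_map(text):
    """Return [(key, fields)] in file order.

    A sharp sign starts a comment, and a backslash at the end of a line
    continues the entry on the next line.
    """
    entries, pending = [], ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):
            pending += line[:-1] + " "
            continue
        fields = (pending + line).split()
        pending = ""
        if len(fields) >= 2:
            entries.append((fields[0], fields[1:]))
    return entries


def resolve(entries, key):
    """Return what would be mounted for key, or None if nothing matches."""
    for position, (name, fields) in enumerate(entries, 1):
        # Lines are read sequentially and the first match wins.
        if name == key or name == "*":
            # The key replaces every ampersand in the matched entry.
            fields = [field.replace("&", key) for field in fields]
            return {
                "entry": position,
                "options": [option for field in fields
                            if field.startswith("-")
                            for option in field[1:].split(",")],
                "locations": [field for field in fields
                              if not field.startswith("-")],
            }
    return None


def lint(entries):
    """Return (entry_number, finding) pairs for an indirect map."""
    findings, wildcard_at = [], None
    for position, (name, fields) in enumerate(entries, 1):
        if wildcard_at is not None:
            # The asterisk matched first, so this entry is never read.
            findings.append((position, "unreachable-after-wildcard"))
            continue
        if name == "*":
            wildcard_at = position
        for field in fields:
            server, sep, _path = field.partition(":")
            if sep and not field.startswith("-") and "&" in server:
                findings.append((position, "server-taken-from-key"))
    return findings


# The two orderings discussed above, plus the any-server form.
SHADOWED = "* basil:/export/home/&\ncharlie thyme:/export/home/charlie\n"
ORDERED = "charlie thyme:/export/home/charlie\n* basil:/export/home/&\n"
ANY_SERVER = "# /etc/auto_home file\n* &:/export/home/&\n"

if __name__ == "__main__":
    for text in (SHADOWED, ORDERED, ANY_SERVER):
        entries = load_indirect_map(text)
        print(resolve(entries, "charlie"), lint(entries))
```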


Chapter 2
Configuring and Administering NFS
Configuring and Administering AutoFS

To Automount Users' Home Directories

NOTE  This configuration requires that users' home directories be located under
the same directory on all systems in the network. On HP-UX release 9.x
or earlier, home directories are usually located under /users. On
HP-UX release 10.0 or later, home directories are usually located under
/home. For this reason, you should not set up this configuration until all
of your systems are running HP-UX release 10.0 or later.

1. Make sure the machines where users' home directories are located
are set up as NFS servers and are exporting the home directories. See
"Configuring and Administering an NFS Server" on page 22.

2. In the /etc/passwd file on the NFS clients, or in the NIS passwd
map or NIS+ passwd table, configure the home directory of each user
as the NFS mount point where the user's home directory will be
mounted. For example, if home directories are mounted under
/home, Claire's home directory would be configured as
/home/claire in the /etc/passwd file.

3. If you are using local files for your automounter maps, create a file
called /etc/auto_home on the NFS clients, and add a line to it for
each user, like the following example. If you are using NIS to manage
your automounter maps, add the lines to the /etc/auto_home file on
the NIS master server.

sammy thyme:/export/home/& nosuid

The ampersand (&) character takes the value of the user name in
each line. In the example above, user sammy's home directory is
physically located on host thyme in /export/home/sammy.

4. If you are using local files for your automounter maps, add the
following line to the automounter master map, /etc/auto_master,
on the NFS clients:

/home /etc/auto_home

If you are using NIS to manage your automounter maps, add the line
to the /etc/auto_master file on the NIS master server.

5. If you are using NIS to manage your automounter maps, issue the
following commands on the NIS master server to rebuild the maps
and push them to slave servers:

cd /var/yp
/usr/ccs/bin/make auto_master

6. Issue the following command, on each NFS client that will use these
automounter maps, to force AutoFS to reread the maps:

/usr/sbin/automount

Before you can automount home directories, you must enable AutoFS.
See "To Enable AutoFS" on page 80.

Example of Automounting a User's Home Directory 

User Howard's home directory is located on NFS server basil, where it
is called /export/home/howard. On all the machines in the network,
Howard has the following entry in the /etc/passwd file:

howard:MILQSNltBHXhM:828:Howard:/home/howard:/bin/ksh

When Howard logs into any NFS client, AutoFS recognizes /home as an
AutoFS mount point, because it is configured in the master map:

/home auto_home

AutoFS reads the auto_home map to find out how to mount Howard's
home directory. It finds the following line:

howard basil:/export/home/& nosuid

AutoFS substitutes howard for the ampersand (&) character in that line:

howard basil:/export/home/howard nosuid

AutoFS mounts /export/home/howard from server basil to the local
mount point /home/howard on the NFS client. Figure 2-9 illustrates
this configuration:

Figure 2-9 Home Directories Automounted with Wildcards

[Figure: the directory /export/home/howard on NFS server "basil",
containing .profile and mystuff, shown mounted at /home/howard on the
local NFS client.]
To Automount Multiple Directories
Simultaneously (Hierarchical Mounts)

• Use an editor to create an entry with the following format in a direct
or indirect automounter map. (Create the map, if necessary, and add
it to the automounter master map.)

local_dir /local_subdirectory [-options] server:remote_directory \
/local_subdirectory [-options] server:remote_directory \ ...

The backslash (\) characters tell AutoFS to ignore the line breaks, so 
this entry is effectively all one line. 

Map entries with this format cause all the remote directories on the line 
to be mounted at the same time. For example, the following entry from a 
direct map mounts the source code and the data files for a project at the
same time; whenever anyone requests access to either one, they are both
mounted.

/our_project /source -ro broccoli:/opt/proj1/src \
/datafiles cauliflower:/opt/proj1/samples/data

Because the directories are always mounted simultaneously, you can use 
relative pathnames to move from one to another, for example, 

cd ../source 

Here is another example from an indirect map. In this example, the same
mount option (nosuid) applies to all three automounted directories.

chap2 -nosuid /text sage:/our_book/chap2 \
/graphics basil:/our_book/artwork/chap2 \
/old sage:/our_book/oldfiles/chap2
To Automount a Directory Using CacheFS

Before you mount a file system, you must decide whether to use
CacheFS. CacheFS improves read performance for data that will be read
more than once. It does not improve write performance at all.

Good choices for cached file systems include man pages and executable
programs, which are read multiple times and rarely modified. A bad
choice is /var/mail, which is modified frequently but is typically read
only once and then thrown away.

Follow these steps to automount a directory with CacheFS: 

1. On the NFS client host, issue the following command to create a 
CacheFS directory with the data structures necessary to allow a 
CacheFS mount: 

/usr/sbin/cfsadmin -c /cache_directory

For example, if you had a mounted file system called /disk2, you
could create a CacheFS directory called /disk2/cache with the
following command:

/usr/sbin/cfsadmin -c /disk2/cache

2. Add a line for the automounted filesystem to the appropriate 
automounter direct or indirect map, as in the following examples: 

# direct map example:

/usr/dist -ro,nosuid,fstype=cachefs,backfstype=nfs,\
cachedir=/disk2/cache distserver:/export/dist

# indirect map example:

proj1 -nosuid,fstype=cachefs,backfstype=nfs,\
cachedir=/disk2/cache \
/src testbox1:/export/proj1/src \
/data testbox2:/export/proj1/data

3. If you modified a direct map or the automounter master map, issue 
the following command, on each NFS client that will use the map, to 
force AutoFS to reread its maps: 

/usr/sbin/automount 

You can specify caching in an NIS automounter map only if all clients
who will use the map have their caching directory set up in the same
location (/disk2/cache, in the examples).

For more information on CacheFS, see Chapter 3, "Configuring the Cache
File System (CacheFS)," on page 95.

To Include an Automounter Map in Another
Automounter Map

• To include the contents of an automounter map in another
automounter map, add a plus sign (+) before the map name, as in the
following example:

# /etc/auto_home file 

# local mount point mount options remote server:directory 

basil -nosuid basil:/export/home/basil 

+auto_home 

Assume the /etc/auto_home map is listed in the master map with the 
following line: 

/home /etc/auto_home 

This example has the following effect: 

If a user logs in whose home directory is in /home/basil, AutoFS will
mount the directory /export/home/basil from host basil.

If a user logs in whose home directory is in /home/sage, /home/thyme,
or any subdirectory of /home other than basil, AutoFS will consult the
NIS map auto_home for information on mounting the user's home
directory.

The plus sign (+) tells AutoFS to look in a different map for the
information it needs to mount the directory. If the map name following
the plus sign begins with a slash, AutoFS assumes it is a local file. If the
map name contains no slashes, AutoFS uses the Name Service Switch to
determine whether it is a file or an NIS map. See "Configuring the Name
Service Switch" on page 153.

You can include an automounter map inside a local file but not inside an
NIS map.

For more information, type man 1M automount or man 4
nsswitch.conf.
To Create a Hierarchy of Automounter Maps

An organization made up of many departments may wish to organize a
shared automounted directory structure. In the following example, the
shared top-level directory is called /org. The /org directory contains
several subdirectories, listed in the auto_org automounter map. Each
department administers its own automounter map for its subdirectory.

The automounter master map needs just a single entry for /org:

# auto_master map 

# Directory Map Name 

/org auto_org 

The auto_org map looks like this: 

finance -fstype=autofs auto_finance 

marketing -fstype=autofs auto_marketing 

legal -fstype=autofs auto_legal 

research -fstype=autofs auto_research 

eng -fstype=autofs auto_eng 

And the engineering department's map, auto_eng, looks like this:

releases bigiron:/export/releases 

tools mickey,minnie:/export/tools 

source -fstype=autofs auto_eng_source 

projects -fstype=autofs auto_eng_projects 

A user in the "blackhole" project within engineering might use the 
following path: 

/org/eng/projects/blackhole 

Beginning with the AutoFS mount at /org, the evaluation of this path
would dynamically create additional AutoFS mounts at /org/eng and
/org/eng/projects. Since AutoFS mounts are created only when
needed, changes to maps require no action to become visible at the user's
workstation. The automount command needs to be run only when
changes are made to the master map or to a direct map.

Hierarchical automounter maps provide a framework within which large
shared file systems can be organized. Together with NIS, which allows
you to share information across administrative domains, the
maintenance of the shared namespace can be effectively decentralized.

To Turn Off an Automounter Map with the
-null Map

1. Add a line with the following syntax to the automounter master map:

local_directory -null

2. If AutoFS is running, issue the following command, on each client 
that will use the map, to force AutoFS to reread its maps: 

/usr/sbin/automount 

The -null option "turns off" the map that is mounted on local_directory.
For example, if the NIS auto_master map mounts the auto_home map
on /home, and you include the following line in your local
/etc/auto_master file,

/home -null 

the NIS auto_home map will not be used on your system.

The -null option is useful for turning off NIS automounter maps that do
not apply to your host.

You can also replace NIS maps with local maps, as in the following
example from /etc/auto_master:

/home /etc/auto_ourhome 

Because AutoFS reads the local /etc/auto_master file before the NIS
auto_master map, this entry causes AutoFS to look for mount
information in the local file /etc/auto_ourhome instead of the
auto_home NIS map.

For more information, type man 1M automount.

To Enable AutoFS

1. In the /etc/rc.config.d/nfsconf file, make sure the
NFS_CLIENT and AUTOMOUNT variables are set to 1, as follows:

NFS_CLIENT=1

AUTOMOUNT=1

2. Issue the following command to run the NFS client startup script: 

/sbin/init.d/nfs.client start 

or 

/sbin/init.d/autofs start 

The nfs.client start script will start any NFS client processes that
are not already running, including AutoFS. If you want to start only
AutoFS, use the autofs start script.

When AutoFS starts up, it uses the Name Service Switch to determine
which name services you are using and to find the master maps that are
available from those name services.

For more information, type man 4 nsswitch.conf or man 1M
automount at the HP-UX prompt.


To Disable AutoFS 

1. In the /etc/rc.config.d/nfsconf file, make sure the
NFS_CLIENT and AUTOMOUNT variables are set to 1, as follows:

NFS_CLIENT=1

AUTOMOUNT=1

2. Issue the following command to run the AutoFS shutdown script: 

/sbin/init.d/autofs stop 

CAUTION Do not kill the automountd daemon with the kill command. It does not
die gracefully. It does not unmount AutoFS mount points before it dies.
Use the autofs stop script to ensure that automountd dies cleanly.

To Verify Your AutoFS Configuration

1. Type the following command to change the current working directory
to an automounted directory:

/usr/bin/cd local_directory

where local_directory is the configured mount point in the
automounter map.

2. Type the following command to verify that the contents of the remote
directory have been mounted under the local mount point:

/usr/bin/ls 

If the directory is configured in an indirect map, issuing the ls command
from the parent directory will display nothing. When you cd to a
subdirectory configured in the indirect map, or issue the command
ls subdirectory, the subdirectory will be mounted.

Therefore, if you have the following indirect map configuration, 

# /etc/auto_master file 

# local mount point map name mount options 

/nfs/desktop /etc/auto_desktop 

# /etc/auto_desktop file 

# local mount point mount options remote server:directory 

draw -nosuid thyme:/export/apps/draw 

write -nosuid basil:/export/write 

and you issue the following commands, 

cd /nfs/desktop
ls

the ls command will produce no output, because the draw and write
subdirectories are not currently mounted. However, if you issue the
following commands,

cd /nfs/desktop/write
cd /nfs/desktop/draw
cd ..
ls

the ls command will display

draw write

If AutoFS is not mounting your configured directories, see
"Troubleshooting NFS Services" on page 173.
To Modify or Remove (Unmount) an
Automounted Directory

1. If you are planning to remove an automounted directory, issue the
following command to determine whether the directory is currently in
use:

/usr/sbin/fuser -cu local_mount_point

This command lists the process IDs and user names of everyone using
the mounted directory.

2. Warn any users to cd out of the directory, and kill any processes that
are using the directory, or wait until the processes terminate. You can
issue the following command to kill all the processes using the
mounted directory:

/usr/sbin/fuser -ck local_mount_point

3. Use an editor to make your changes to the direct or indirect map. 

4. If you removed the last entry in the direct or indirect map, remove the
line for that map in the automounter master map.

5. If you made any changes to the master map, or if you added or
modified a local mount point in a direct map, run the following
command to force AutoFS to reread its maps:

/usr/sbin/automount 
Configuring and Using NFS Netgroups

This section tells you how to create and use NFS netgroups to restrict
NFS access to your system. It describes the following tasks:

• To Create Netgroups in the /etc/netgroup File

• To Use Netgroups in Configuration Files

To Create Netgroups in the /etc/netgroup
File

1. If you are using the local /etc/netgroup file or the NIS netgroup
map for netgroups, add lines with the following syntax to the
/etc/netgroup file. If you are using NIS, be sure to edit the
/etc/netgroup file only on the NIS master server.

netgroup_name (host, user, NIS_domain), (host, user, NIS_domain) ...

2. If you are using NIS to manage your netgroups database, issue the
following command on the NIS master server to generate the
netgroup, netgroup.byhost, and netgroup.byuser maps from
the /etc/netgroup file and push the generated maps out to the NIS
slave servers:

cd /var/yp 

/usr/ccs/bin/make netgroup 

A netgroup can be used in most NFS and NIS configuration files instead 
of a host name or a user name. A netgroup does not create a relationship 
between users and hosts. When a netgroup is used in a configuration file, 
it represents either a group of hosts or a group of users but never both. 

If you are using BIND (DNS) for hostname resolution, hosts must be 
specified as fully qualified domain names, for example 

turtle.bio.nmt.edu. 

If the host, user, or NIS_domain is left blank in a netgroup, that field can
take any value. If a dash (-) is specified in any field of a netgroup, that
field can take no value.

The NIS_domain field specifies the NIS domain in which the (host,
user, NIS_domain) triple is valid. For example, if the netgroup
database contains the following netgroup,

myfriends (sage,,bldg1), (cauliflower,,bldg2), (pear,-,bldg3)

and an NFS server running NIS in the domain bldg1 exports a directory
only to the netgroup myfriends, only host sage may mount that
directory. The other two triples are ignored, because they are not valid in
the bldg1 domain.

If an HP-UX host not running NIS exports a directory to the netgroup
myfriends, the NIS_domain field is ignored, and all three hosts (sage,
cauliflower, and pear) may mount the directory.

If the netgroup database contains the following netgroup,

mydomain (,,bldg1)

and a host in the NIS domain bldg1 exports a directory to the netgroup
mydomain, any host in any domain may mount the directory because the
host field is blank.

If an HP-UX host not running NIS exports a directory to the netgroup
mydomain, shown above, the NIS_domain field is ignored, but the host
field is used, so any host in any domain may mount the directory.

If a host in the NIS domain bldg2 exports a directory to the netgroup
mydomain, no host in any domain may mount the directory, because the
triple is not valid in the bldg2 domain, so it is ignored.

Netgroup Examples 

The following netgroup specifies a group of hosts: 

trusted_hosts (sage, , ), (basil, , ), (thyme, , ) 

The trusted_hosts netgroup could be used in the -access option of a 
line in the /etc/exports file, as follows: 

/usr -access=trusted_hosts 

The following netgroup specifies a group of users: 

administrators ( ,jane, ), ( ,art, ), ( ,mel, ) 

If this netgroup were ever accidentally included in a list of hosts rather 
than users, the blank space would be interpreted as a wildcard meaning 
any host. For example, if someone used this netgroup in a -access list 
in the /etc/exports file, any host would have access to the exported
directory. For this reason, if a netgroup is used strictly as a list of users, 
it is better to put a dash in the host field, as follows: 

administrators (-,jane, ), (-,art, ), (-,mel, ) 

The dash indicates that no hosts are included in the netgroup. 

The trusted_hosts and administrators netgroups could be used 
together in the /etc/hosts.equiv file, as follows:

+@trusted_hosts +@administrators 

The first netgroup would be read for host names, and the second would 
be read for user names. Users in the administrators netgroup could 
log into the local host from any host in the trusted_hosts netgroup 
without supplying a password. 

The two netgroups could be combined into one, as follows: 
goodguys (sage,jane, ), (basil,art, ), (thyme,mel, )

If the two netgroups were combined this way, the same netgroup could be
used as both the host name and the user name in the
/etc/hosts.equiv file:

+@goodguys +@goodguys 

The first occurrence of it would be read for the host name, and the second 
occurrence would be read for the user name. No relationship exists 
between the host and user in any of the triples. For example, user jane 
might not even have an account on host sage. 

A netgroup can contain other netgroups, as in the following example: 

root-users (dill,-, ), (sage,-, ), (thyme,-, ), (basil,-, )

mail-users (rosemary, , ), (oregano, , ), root-users 

The root-users netgroup is a group of four systems. The mail-users 
netgroup uses the root-users netgroup as part of a larger group of 
systems. The blank space in the third field of each triple indicates that
these netgroups are valid in any NIS domain. 
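
The blank, dash and NIS-domain rules described in this section, worked through in Python as an added example (it is not part of the HP manual or of HP-UX, and models only what the text states). Passing nis_domain=None stands for an exporting host that is not running NIS; safe_admins is a made-up name for the dash variant of the administrators netgroup.

```python
import re

# Constructed sample: netgroups taken from the examples on this page.
# "safe_admins" is a made-up name for the dash-in-host-field variant of
# "administrators", so that both variants can be compared side by side.
SAMPLE = """\
trusted_hosts (sage, , ), (basil, , ), (thyme, , )
administrators ( ,jane, ), ( ,art, ), ( ,mel, )
safe_admins (-,jane, ), (-,art, ), (-,mel, )
myfriends (sage,,bldg1), (cauliflower,,bldg2), (pear,-,bldg3)
mydomain (,,bldg1)
root-users (dill,-, ), (sage,-, ), (thyme,-, ), (basil,-, )
mail-users (rosemary, , ), (oregano, , ), root-users
"""

TRIPLE = re.compile(r"\(([^()]*)\)")


def parse_netgroups(text):
    """Parse netgroup lines into {name: (triples, nested_netgroup_names)}."""
    groups = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if not parts:
            continue
        name = parts[0]
        rest = parts[1] if len(parts) > 1 else ""
        triples = []
        for body in TRIPLE.findall(rest):
            fields = tuple(f.strip() for f in body.split(","))
            if len(fields) != 3:
                raise ValueError(f"{name}: malformed triple ({body})")
            triples.append(fields)
        # Whatever remains outside the parentheses names nested netgroups.
        nested = [t for t in re.split(r"[\s,]+", TRIPLE.sub(" ", rest)) if t]
        groups[name] = (triples, nested)
    return groups


def expand(groups, name, _seen=None):
    """Return every triple of a netgroup, following nested netgroups once."""
    seen = set() if _seen is None else _seen
    if name in seen or name not in groups:
        return []
    seen.add(name)
    triples, nested = groups[name]
    result = list(triples)
    for member in nested:
        result.extend(expand(groups, member, seen))
    return result


def field_matches(field, value):
    """Blank field: any value. Dash: no value. Otherwise: exact match."""
    if field == "":
        return True
    if field == "-":
        return False
    return field == value


def host_allowed(groups, name, host, nis_domain=None):
    """Would `host` match when the netgroup is used as a list of hosts?

    nis_domain is the domain of the host consulting the netgroup, or None
    if that host is not running NIS (the domain field is then ignored).
    """
    for h, _user, domain in expand(groups, name):
        if nis_domain is not None and not field_matches(domain, nis_domain):
            continue  # triple is not valid in this domain, so it is ignored
        if field_matches(h, host):
            return True
    return False


def open_host_triples(groups, name, nis_domain=None):
    """Triples whose blank host field makes a host list match ANY host."""
    return [t for t in expand(groups, name)
            if t[0] == ""
            and (nis_domain is None or field_matches(t[2], nis_domain))]


if __name__ == "__main__":
    parsed = parse_netgroups(SAMPLE)
    for group in parsed:
        risky = open_host_triples(parsed, group)
        if risky:
            print(f"{group}: {len(risky)} triple(s) match any host "
                  "if this netgroup is used in a host list")
```

Run against a real /etc/netgroup, the report lists the user-only netgroups that should get a dash in the host field before they can be mistaken for a host list.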
To Use Netgroups in Configuration Files

Netgroups may be used in the following files:

• /etc/exports, in the -access list

• /etc/hosts.equiv or $HOME/.rhosts, in place of a host name or
user name

• /etc/passwd, to tell processes whether to look in the NIS password
database for information about the users in the netgroup

• /etc/group, to tell processes whether to look in the NIS group
database for information about the users in the netgroup

The next few sections explain how to use netgroups in these files. 

Using Netgroups in the /etc/exports File 

In the /etc/exports file, netgroups can be used in the list of NFS
clients following the -access option, as in the following example:

/var/mail -access=mail_clients

The mail_clients netgroup is defined as follows:

mail_clients (cauliflower, , ), (broccoli, , ), (cabbage, , )

Only the host names from the netgroup are used. If the netgroup also
contains user names, these are ignored. This netgroup is valid in any
NIS domain, because the third field in each triple is left blank.

Using Netgroups in the /etc/hosts.equiv or
$HOME/.rhosts File

In the /etc/hosts.equiv file, or in a .rhosts file in a user's home
directory, netgroups can be used in either the host name field or the user
name field, as in the following example:

+@our_friends +@our_friends

The netgroup our_friends can be used as both the host name and the
user name, because it includes both host names and user names, as
follows:

our_friends (sage,sara, ), (sage,eric, ), (dill,-, ), ( ,monica, )

The blank host name field in the fourth triple serves as a wildcard,
allowing users from any host on the network to log in without supplying
a password. However, only the users listed in the netgroup are given this
privileged access, because each user name field contains either a user
name or a dash.

Netgroups can also be used to deny privileged access to certain hosts or
users in the /etc/hosts.equiv or $HOME/.rhosts file, as in the
following example,

+ -@vandals

The plus sign (+) is a wildcard in the /etc/hosts.equiv or
$HOME/.rhosts file syntax, allowing privileged access from any host in
the network. The netgroup vandals is defined as follows:

vandals ( ,pat, ), ( ,harriet, ), ( ,reed, ) 

All users except those listed in the vandals netgroup can log into the
local system without supplying a password from any system in the
network.

CAUTION Any users who are denied privileged access in the /etc/hosts.equiv
file can still be allowed privileged access in a user's $HOME/.rhosts file.
The $HOME/.rhosts file is read after the /etc/hosts.equiv file and
overrides it.

For more information, type man 4 hosts.equiv at the HP-UX prompt.

Using Netgroups in the /etc/passwd File 

In the /etc/passwd file, netgroups can be used to indicate whether user
information should be looked up in the NIS passwd database.

The following example line from the /etc/passwd file indicates that 
users in the netgroup animals should be looked up in the NIS passwd 
database: 

+@animals 

The animals netgroup is defined as follows in the /etc/netgroup file:

animals (-,mickey, ), (-,daffy, ), (-,porky, ), (-,bugs, ) 

Note that the /etc/passwd file is searched sequentially, so if user 
mickey, daffy, porky, or bugs appears before the animals netgroup in 
the /etc/passwd file, the NIS database will never be consulted for 
information on that user. 
The Name Service Switch configuration is used to determine where to
look for the contents of a netgroup. See "Configuring the Name Service
Switch" on page 153.

Netgroups can also be used to prevent lookups of certain users in the NIS
passwd database. The following example lines from the /etc/passwd
file indicate that if the NIS passwd database contains entries for users
in the bears netgroup, these entries cannot be used on the local system.
Any other users can be looked up in the NIS database.

-@bears

+::-2:60001:::

The line beginning with + causes the NIS database to be searched for
any users (except those in the bears netgroup) who are not listed before
the line beginning with +.

For more information on NIS, see "Configuring and Administering NIS"
on page 101.

For information on the /etc/passwd file, type man 4 passwd at the
HP-UX prompt.

Using Netgroups in the /etc/group File 

In the /etc/group file, netgroups can be used to indicate whether group
information about certain users should be looked up in the NIS group 
database. 

The following example line from the /etc/group file indicates that 
group information for users in the netgroup animals can be found in the 
NIS group database: 

+@animals 

The animals netgroup is defined as follows in the /etc/netgroup file: 

animals (-,mickey, ), (-,daffy, ), (-,porky, ), (-,bugs, ) 

Members of the animals netgroup can belong to groups listed in the 
local /etc/group file as well as in the NIS group database. The
following lines in the /etc/group file give users bugs and daffy 
membership in the group wiseguys and in any group in the NIS 
database that includes them as members: 

wiseguys::22:bugs,daffy 
+@animals 
Netgroups can also be used in the /etc/group file to prevent lookups
for certain users. The bears netgroup is defined as follows in the
/etc/netgroup file:

bears (-,yogi, ), (-,smokey, ), (-,pooh, )

The following lines in the /etc/group file allow user pooh membership
in group teddybears but not in any other group listed in the NIS
database or after the -@bears line in the /etc/group file:

teddybears::23:pooh,paddington
-@bears

For more information on NIS, see "Configuring and Administering NIS"
on page 101.

For information on the /etc/group file, type man 4 group at the
HP-UX prompt.
Configuring the Other NFS Daemons
and Services

If you want to use some of the other NFS services, like the Remote
Execution Facility (REX) or the rup(1) and rusers(1) commands, this
section tells you how to enable those daemons and services. This section
tells you how to perform the following tasks:

• To Enable the Other NFS Services

• To Restrict Access to the Other NFS Services

To Enable the Other NFS Services

1. In the /etc/inetd.conf file, use a text editor to uncomment the
lines that begin with "rpc." (Delete the sharp sign in the first
column.)

If the lines do not exist, type them into the /etc/inetd.conf file.
Table 2-6 gives the line you need to enter for each NFS service.

2. If NFS is not yet running on your system, issue the following 
command: 

/sbin/init.d/nfs.client start 

3. Issue the following command to force inetd to read its configuration 
file: 

/usr/sbin/inetd -c 

CAUTION Do not issue the /usr/sbin/inetd command if NFS is not yet running
on your system. The NFS startup script starts the portmap(1M) process,
which must be running before you start inetd.

Table 2-6 lists the NFS daemons and services that can be started by the
inetd daemon. It briefly describes each one and tells you which man
pages you can read for more information. It also gives the line that
configures each service in the inetd.conf file.

You cannot use SAM to enable the other NFS services. 


Table 2-6 Other NFS Services 


rexd 


The rpc.rexd program is the server for the on command, which starts the
Remote Execution Facility (REX). The on command sends a command to be
executed on a remote system. The rpc.rexd program on the remote system
executes the command, simulating the environment of the user who issued the
on command. See "Configuring and Using the Remote Execution Facility
(REX)" on page 165, or see man pages rexd(1M) and on(1). The following line
configures rexd in inetd.conf:

rpc stream tcp nowait root /usr/sbin/rpc.rexd 100017 1 rpc.rexd 
rstatd

The rpc.rstatd program answers requests from the rup command, which
collects and displays status information about the machines on the local
network. For more information, see man pages rstatd(1M) and rup(1). The
following line configures rstatd in inetd.conf:

rpc dgram udp wait root /usr/lib/netsvc/rstat/rpc.rstatd 100001 1-3 \ 
rpc.rstatd 

rusersd 

The rpc.rusersd program responds to requests from the rusers command,
which collects and displays information about all users logged into the
machines on the local network. For more information, see man pages
rusersd(1M) and rusers(1). The following line configures rusersd in
inetd.conf:

rpc dgram udp wait root /usr/lib/netsvc/rusers/rpc.rusersd 100002 1-2 \ 
rpc.rusersd 

rwalld 

The rpc.rwalld program handles requests from the rwall program. The
rwall program sends a message to a specified machine where the
rpc.rwalld program is running, and the message is written to all users
logged onto the machine. For more information, see man pages rwalld(1M)
and rwall(1M). The following line configures rwalld in inetd.conf:

rpc dgram udp wait root /usr/lib/netsvc/rwall/rpc.rwalld 100008 1 \ 
rpc.rwalld 

sprayd 

The rpc.sprayd program is the server for the spray command, which sends a
stream of packets to a specified host and then reports how many were received
and how fast. For more information, see man pages sprayd(1M) and
spray(1M). The following line configures sprayd in inetd.conf:

rpc dgram udp wait root /usr/lib/netsvc/spray/rpc.sprayd 100012 1 \ 
rpc.sprayd 

rquotad 

The rpc.rquotad program responds to requests from the quota command,
which displays information about a user's disk usage and limits. For more
information, see man pages rquotad(1M) and quota(1). The following line
configures rquotad in inetd.conf:

rpc dgram udp wait root /usr/sbin/rpc.rquotad 100011 1 rpc.rquotad 
To Restrict Access to the Other NFS Services

• In the /var/adm/inetd.sec file, create a line with the following
syntax for each service to which you want to restrict access:

service {allow | deny} host_or_network [host_or_network ...]

If the /var/adm/inetd.sec file does not exist, you will have to create
it.

service must match one of the service names in the /etc/rpc file.

Specify either allow or deny but not both. Enter only one line per 
service. 

host_or_network can be either an official host name or network name or 
an IP address. Any of the four numbers in an IP address can be specified 
as a range (for example, 1-28) or the wildcard character (*). 

The inetd.sec file is checked only when the service is started. If a
service remains active and accepts more requests without being
restarted, the inetd.sec file is not checked again.

You can use SAM to modify the /var/adm/inetd.sec file.

For more information see the man pages inetd.conf(4) and
inetd.sec(4).

Examples from /var/adm/inetd.sec

The following example allows only hosts on subnets 15.13.2.0 through
15.13.12.0 to use the spray command:

sprayd allow 15.13.2-12.0

The following example prevents host cauliflower from using the
rwall command:

rwalld deny cauliflower 
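
A check of an inetd.sec file against the rules stated above (one line per service, allow or deny but not both, each address field a number, a range or *), as an added Python example that is not part of the HP manual or of HP-UX. KNOWN_SERVICES is an assumed stand-in for the names that would be read from /etc/rpc, and treating lines that begin with # as comments is also an assumption.

```python
import re

# Constructed sample. Lines 1-2 are the examples from this page; lines 3-5
# are deliberately faulty entries made up for this illustration.
SAMPLE = """\
sprayd allow 15.13.2-12.0
rwalld deny cauliflower
rusersd allow 10.1.*.* 10.2.300.1
rstatd allow deny 15.13.2.0
sprayd deny broccoli
"""

# Assumption: stand-in for the service names that would be read from /etc/rpc.
KNOWN_SERVICES = {"rexd", "rstatd", "rusersd", "rwalld", "sprayd", "rquotad"}

ADDRESS_LIKE = re.compile(r"[0-9.*-]+")            # token that is not a name
FIELD = re.compile(r"\*|\d{1,3}(?:-\d{1,3})?")     # number, range, or *


def check_address(token):
    """Return a problem description for an address pattern, or None if valid."""
    parts = token.split(".")
    if len(parts) != 4:
        return "an address needs four dot-separated fields"
    for part in parts:
        if not FIELD.fullmatch(part):
            return f"field {part!r} is not a number, a range or *"
        if part == "*":
            continue
        bounds = [int(n) for n in part.split("-")]
        if max(bounds) > 255:
            return f"field {part!r} exceeds 255"
        if len(bounds) == 2 and bounds[0] > bounds[1]:
            return f"range {part!r} is reversed"
    return None


def lint_inetd_sec(text, known_services):
    """Return a list of (line_number, message) findings for inetd.sec text."""
    findings, first_seen = [], {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):   # assumed comment syntax
            continue
        service, rest = fields[0], fields[1:]
        if service not in known_services:
            findings.append((lineno, f"{service}: not a known service name"))
        if service in first_seen:
            # Only one line per service is allowed.
            findings.append((lineno, f"{service}: already configured on "
                                     f"line {first_seen[service]}"))
        else:
            first_seen[service] = lineno
        if not rest or rest[0] not in ("allow", "deny"):
            findings.append((lineno, f"{service}: second field must be "
                                     "allow or deny"))
            continue
        for token in rest[1:]:
            if token in ("allow", "deny"):
                findings.append((lineno, f"{service}: allow and deny on "
                                         "the same line"))
            elif ADDRESS_LIKE.fullmatch(token):
                problem = check_address(token)
                if problem:
                    findings.append((lineno, f"{service}: {token}: {problem}"))
    return findings


if __name__ == "__main__":
    for lineno, message in lint_inetd_sec(SAMPLE, KNOWN_SERVICES):
        print(f"line {lineno}: {message}")
```

Because inetd.sec is checked only when a service is started, a corrected line takes effect the next time that service is started.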
The Cache File System (CacheFS) is a general purpose file system
caching mechanism that improves NFS server performance and
scalability by reducing server and network load. CacheFS provides the
ability to cache one file system on another. In an NFS environment,
CacheFS increases the client per server ratio, reduces server and
network loads, and improves performance for clients on slow links (for
example, PPP).

CacheFS performs local disk caching of file systems, which reduces the
network traffic. Individual client machines become less reliant on the
server, thereby decreasing overall server load, which leads to an increase
in server performance.

By default, CacheFS maintains consistency with the back file system
using a consistency checking model like that of NFS (polling for changes
in file attributes).

Following are some CacheFS terms that will be used in this chapter:

back file system The file system that is being cached. On HP-UX 10.20,
NFS is the only supported back file system.

front file system The file system that contains the cached data. On
HP-UX 10.20, HFS and JFS are the supported front file
systems.

cold cache A cache that does not yet have any data in its front file
system. In this case, requested data must be copied
from the back file system to the front file system (that
is, the cache must be populated). An attempt to
reference data that is not yet cached is called a "cache
miss."

warm cache A cache that contains the desired data in its front file
system. In this case, the cached data can be returned to
the user without requiring any action from the back file
system. An attempt to reference data that has been
cached is called a "cache hit."

Configuring CacheFS

Before you mount a file system, you must decide whether to use 
CacheFS. CacheFS improves read performance for data that will be read 
more than once. It does not improve write performance at all. 

The first time data is read from an NFS-mounted filesystem, there is 
actually some overhead while CacheFS writes the data to its local cache. 
After the data is written to the cache, read performance for the file 
system is significantly improved. 

Good choices for cached file systems include man pages and executable 
programs, which are read multiple times and rarely modified. A bad
choice is /var/mail, which is modified frequently but is typically read
only once and then thrown away.

You cannot use SAM to mount a file system with CacheFS.

You can use CacheFS to cache NFS-mounted or automounted NFS file
systems. Before you can mount a file system using CacheFS, you must
configure a local file system as the cache directory.

This section gives instructions for completing the following tasks: 

• To Configure a Local File System as Cache 

• To Mount an NFS File System Using CacheFS 

• To Automount a File System Using CacheFS 

For more information on CacheFS, see the following man pages: 
cfsadmin(1M), fsck_cachefs(1M), mount(1M), mount_cachefs(1M),
and cachefsstat(1M).

To Configure a Local File System as Cache

1. If necessary, configure and mount an HFS or JFS file system on the
client system where data will be cached. See the HP-UX System
Administration Tasks manual for more information.

No special disk partitioning is necessary for creating a CacheFS front
file system. If you already have a mounted file system with sufficient
disk space for caching your NFS file systems, you can create a
subdirectory in the existing file system to use for your CacheFS front
file system.

2. Issue the following command to create a CacheFS directory with the
data structures necessary to allow a CacheFS mount:

/usr/sbin/cfsadmin -c /cache_directory

For example, if you had a mounted file system called /disk2, you
could create a CacheFS directory called /disk2/cache with the
following command:

/usr/sbin/cfsadmin -c /disk2/cache

CacheFS manages its resources most effectively in cases where the 
entire front file system is dedicated to caching, or in cases where the 
non-cache portions of the front filesystem are static, read-only files. 

CacheFS allows more than one file system to be cached in the same 
cache. There is no need to create a separate cache directory for each 
CacheFS mount. In typical usage, you need to run cfsadmin -c only
once to create a single cache for all of your CacheFS mounts.

For more information, type man 1M cfsadmin at the HP-UX prompt.

To Mount an NFS File System Using CacheFS

Before you can mount an NFS file system with CacheFS, you must
configure a directory in a local file system as cache. See "To Configure a
Local File System as Cache" on page 98.

1. Issue the mount(1M) command to mount an NFS file system using
CacheFS, as in the following examples: 

mount -F cachefs -o backfstype=nfs,cachedir=/disk2/cache \ 
nfsserver:/opt/frame /opt/frame 

2. Add a line to the /etc/fstab file, as in the following example, to
cause your NFS file system to be mounted at system boot:

nfsserver:/opt/frame /opt/frame cachefs \
backfstype=nfs,cachedir=/disk2/cache 0 0

This example NFS-mounts the directory /opt/frame from server
nfsserver to the local /opt/frame directory. Now, /opt/frame can be
accessed just like any mounted file system. As data in /opt/frame is
referenced, it will be copied into /disk2/cache. Further references to
the data will access the data on the local disk instead of the data on the
remote server.

For more information, type man 1M mount at the HP-UX prompt.




To Automount a File System Using CacheFS 

Before you can automount an NFS file system with CacheFS, you must
configure a directory in a local file system as cache. See "To Configure a
Local File System as Cache" on page 98.

1. Add a line for the automounted filesystem to the appropriate 
automounter direct or indirect map, as in the following examples: 

# direct map example: 

/usr/dist -ro,nosuid,fstype=cachefs,backfstype=nfs, \ 
cachedir=/disk2/cache distserver:/export/dist 

# indirect map example:

proj1 -nosuid,fstype=cachefs,backfstype=nfs, \
cachedir=/disk2/cache \
/src testbox1:/export/proj1/src \
/data testbox2:/export/proj1/data

2. If you modified a direct map or the automounter master map, issue 
the following command, on each NFS client that will use the map, to 
force AutoFS to reread its maps: 

/usr/sbin/automount 

You can specify caching in an NIS automounter map only if all clients
who will use the map have their caching directory set up in the same
location (/disk2/cache, in the examples).

For more information, type man 1M automount at the HP-UX prompt.






Configuring and Administering NIS




The Network Information Service (NIS), previously called "Yellow
Pages," is a distributed database system that allows you to maintain 
commonly used configuration information on a master server and 
propagate the information to all the hosts in your network. This chapter 
explains how to configure and administer the servers and clients in an 
NIS domain. It contains the following sections: 

• Overview of NIS 

• Planning the NIS Network 

• Configuring and Administering an NIS Master Server 

• Configuring and Administering an NIS Slave Server

• Configuring and Administering an NIS Client 

• Configuring and Administering Secure RPC 

• Summary of NIS Commands 


NOTE NIS is not supported across extended LANs (LANs separated by routers
or bridges). NIS is also not supported across WAN links, like X.25 and
SLIP.

Overview of NIS

NIS allows you to administer the configuration of many hosts from a 
central location. Common configuration information, which would have 
to be maintained separately on each host in a network without NIS, can 
be stored and maintained in a central location and propagated to all of 
the nodes in the network. 

Information Managed by NIS 

By default, NIS manages the following configuration files: 

• /etc/hosts, a file that maps internet addresses to host names. 

• /etc/passwd, a list of the users on your system, along with their 
passwords, home directories, and other information. 

• /etc/group, a list of groups of users. 

• /etc/netgroup, a list of NFS netgroups, which are groups of host
names or user names used for allowing or denying access to systems 
and services. 

• /etc/services, a file that associates network services with their 
port numbers and protocols. 

• /etc/protocols, a file that associates network protocols with 
protocol numbers. 

• /etc/networks, a list of network names and numbers. 

• /etc/rpc, a file that maps RPC program names to program 
numbers. 

• /etc/auto_master, an NFS automounter map that lists the direct 
and indirect automounter maps and their mount points. 

• /etc/mail/aliases, a list of sendmail aliases. 

• /etc/publickey, a list of secure RPC encryption keys.

• /etc/netid, a list of secure RPC netnames
(unix.UID@domainname or unix.hostname@domainname) for users
and hosts outside your NIS domain.

• /etc/vhe_list, a configuration file for the Virtual Home
Environment. (Type man 4 vhe_list for more information.) VHE is
not supported on 10.0 and later releases.

The information in these files is put into NIS databases automatically
when you create an NIS master server. Other system files may be 
managed by NIS, if you wish to customize your configuration. 

Structure of the NIS Network 

The center of the NIS network is the NIS master server. When you 
create an NIS master server, the configuration files on that host are used 
to create NIS maps, which are hashed database versions of the 
configuration files. Once the NIS network is set up, any changes to the
maps must be made on the master server. 

In addition to the master server, you can create backup servers, called
NIS slave servers, to take some load off the master server and to 
substitute for the master server when it is down. When you create an 
NIS slave server, the maps on the master server are transferred to the 
slave server. Whenever a change is made to a map on the master server, 
the modified map must be transferred to the slave servers. 

Typically, all the hosts in the network, including the master and slave 
servers, are NIS clients. Whenever a process on an NIS client requests
configuration information, it calls NIS instead of looking in its local 
configuration files. (For group and password information and mail 
aliases, the /etc files may be consulted first, and NIS may be consulted 
if the requested information is not found in the /etc files.) 

The set of maps shared by the servers and clients is called the NIS 
domain. The master copies of the maps are located on the NIS master
server, in the directory /var/yp/domainname. Under the domainname
directory, each map is stored as two files: mapname.dir and
mapname.pag. Each slave server has an identical directory containing
the same set of maps. 

When a client starts up, it broadcasts a request for a server that serves 
its domain. Any server that has the set of maps for the client's domain 
may answer the request. The client "binds" to the first server to answer 
its request, and that server answers all of its NIS queries. 

Figure 4-1 shows the flow of information in an NIS domain. 
Figure 4-1 Flow of Information in an NIS Network

Planning the NIS Network

This section explains how to plan the layout of your NIS network. It tells 
you how to perform the following tasks: 

• To Determine the Number of NIS Domains You Need

• To Determine the Number of NIS Servers You Need

• To Determine Which Hosts Will Be NIS Servers 

• To Draw an NIS Network Map 

To Determine the Number of NIS Domains You Need

For many sites, all hosts can belong to the same domain, and it is not
necessary to set up more than one. However, you might want to create
multiple domains for the following reasons: 

• If your site is divided into multiple administrative departments, with 
a different system administrator for each department, you should 
allow each system administrator to maintain a separate NIS domain.

• If your site is divided into multiple administrative departments, and 
each department requires different configuration data and allows 
access to different users and hosts, you should create a separate NIS 
domain for each administrative department. 
To Determine the Number of NIS Servers You Need

Following are some guidelines for determining the number of NIS
servers you will need in your domain:

• You must put a server on each subnetwork in your domain. When a 
client starts up, it broadcasts a message to find the nearest server. 
This broadcast message is not propagated across routers or gateways, 
so each subnet must have at least one server. 

• In general, a server can serve about 30 NIS clients if the clients and
servers run at the same speed. If the clients are faster than the 
servers, you will need more servers. If the clients are slower than the 
servers, each server can serve 50 or more clients. 

To Determine Which Hosts Will Be NIS Servers

• Choose servers that are reliable and highly available. 

• Choose fast servers that are not used for CPU-intensive applications. 
Do not use gateways or terminal servers as NIS servers.

• Distribute servers appropriately among client networks. Because an 
NIS client can bind only to a server on its own subnet, each subnet 
must have enough servers to accommodate the clients on that subnet. 
To Draw an NIS Network Map

It is a very good idea to draw a map of your NIS network, to help with
maintenance and troubleshooting in the future. Figure 4-3 shows an 
example of an NIS network map. 


Figure 4-3 Example NIS Network Map

Configuring and Administering an NIS Master Server

An NIS master server holds the source files for all the NIS maps in the
domain. Any changes to the NIS maps must be made on the NIS master
server. The NIS master server delivers information to NIS clients and 
supplies the NIS slave servers with up-to-date maps. 

An NIS master server must also be an NIS client. 

This section explains how to perform the following tasks. Only the first 
five tasks are required to get your NIS master server up and running. 

• To Create the Master passwd File 

• To Create the Master group File

• To Create the Master hosts File

• To Enable NIS Master Server Capability

• To Verify Your NIS Master Server Configuration

• To Configure the NIS Master Server to Use a Private passwd File

• To Restrict Client and Slave Server Access to the Master Server

• To Check the Contents of an NIS Map

• To Modify an NIS Map

• To Add an Automounter Map to Your NIS Domain

• To Remove an Automounter Map from Your NIS Domain

• To Add a Slave Server to Your NIS Domain

• To Remove a Slave Server from Your NIS Domain

• To Query BIND for Host Information After Querying NIS

• To Use NIS With Short File Names

• To Configure an HP-UX Master Server in a Domain with Sun
Systems
To Create the Master passwd File

1. Copy the /etc/passwd file from each host in your NIS domain to the
/etc directory on the host that will be the master server. Name each
copy /etc/passwd.hostname, where hostname is the name of the
host it came from.

2. Concatenate all the passwd files together, including the master
server's passwd file, into a temporary passwd file, as follows:

cd /etc

cat passwd passwd.hostname1 passwd.hostname2 ... > passwd.temp

3. Issue the following command to sort the temporary passwd file by 
user name: 

sort -o /etc/passwd.temp -t: -k1,1 /etc/passwd.temp

4. Examine /etc/passwd.temp for duplicate user names. If you find
multiple entries for the same user, edit the file to remove redundant 
ones. Make sure each user in your network has a unique user name. 

5. Issue the following command to sort the temporary passwd file by 
user ID: 

sort -o /etc/passwd.temp -t: -k3n,3 /etc/passwd.temp 

6. Examine /etc/passwd.temp for duplicate user IDs. If you find
multiple entries with the same user ID, edit the file to change the
user IDs so that no two users have the same user ID.

7. Move /etc/passwd.temp (the sorted, edited file) to /etc/passwd.
This file will be used to generate the passwd map for your NIS
domain.

8. Remove all the /etc/passwd.hostname files from the master server.


NOTE NIS does not require that the passwd file be sorted in any particular
way. Sorting the passwd file simply makes it easier to find duplicate
entries.


For more information, type man 4 passwd or man 1 sort at the HP-UX
prompt.
To Create the Master group File

1. Copy the /etc/group file from each host in your NIS domain to the
/etc directory on the host that will be the master server. Name each
copy /etc/group.hostname, where hostname is the name of the host
it came from.

2. Concatenate all the group files together, including the master
server's group file, into a temporary group file, as follows:

cd /etc

cat group group.hostname1 group.hostname2 ... > group.temp

3. Issue the following command to sort the temporary group file by 
group name: 

sort -o /etc/group.temp -t: -k1,1 /etc/group.temp

4. Examine /etc/group.temp for duplicate group names. If a group
name appears more than once, merge the groups with the same name 
into one group and remove the duplicate entries. 

5. Issue the following command to sort the temporary group file by 
group ID: 

sort -o /etc/group.temp -t: -k3n,3 /etc/group.temp 

6. Examine /etc/group.temp for duplicate group IDs. If you find
multiple entries with the same group ID, edit the file to change the
group IDs so that no two groups have the same group ID.

7. Move /etc/group.temp (the sorted, edited file) to /etc/group.
This file will be used to generate the group map for your NIS domain.

8. Remove the /etc/group.hostname files from the master server.


NOTE NIS does not require that the group file be sorted in any particular way.
Sorting the group file simply makes it easier to find duplicate entries.


For more information, type man 4 group or man 1 sort at the HP-UX
prompt.
To Create the Master hosts File

1. Copy the /etc/hosts file from each host in your NIS domain to the
/etc directory on the host that will be the master server. Name each
copy /etc/hosts.hostname, where hostname is the name of the host
it came from.

2. Concatenate all the hosts files together, including the master
server's hosts file, into a temporary hosts file, as follows:

cd /etc

cat hosts hosts.hostname1 hosts.hostname2 ... > hosts.temp

3. Issue the following command to sort the temporary hosts file so that 
duplicate IP addresses are on adjacent lines: 

sort -o /etc/hosts.temp /etc/hosts.temp 

4. Examine /etc/hosts.temp for duplicate IP addresses. If the same
IP address appears in multiple entries, remove all the entries but one.
If you need to map an IP address to multiple host names, include
them as aliases in a single entry.

5. Issue the following command to sort the temporary hosts file by host
name: 

sort -o /etc/hosts.temp -b -k2,2 /etc/hosts.temp 

6. Examine /etc/hosts.temp for duplicate host names. A host name
may be mapped to multiple IP addresses only if the IP addresses
belong to different LAN cards on the same host. If a host name
appears in multiple entries, mapped to IP addresses on different
hosts, remove all the entries but one.

7. Examine /etc/hosts.temp for duplicate aliases. No alias should
appear in more than one entry.

8. Move /etc/hosts.temp (the sorted, edited file) to /etc/hosts.
This file will be used to generate the hosts map for your NIS domain.

9. Remove the /etc/hosts.hostname files from the master server.


NOTE NIS does not require that the hosts file be sorted in any particular way.
Sorting the hosts file simply makes it easier to find duplicate entries.


For more information, type man 4 hosts or man 1 sort at the HP-UX
prompt.
To Enable NIS Master Server Capability

1. Log in as root to the host that will be the master server.

2. On the host that will be the master server, ensure that the $PATH
environment variable includes the following directory paths:

• /var/yp 

• /usr/lib/netsvc/yp 

• /usr/ccs/bin 

3. Issue the following command to set the NIS domain name:

/usr/bin/domainname domainname

If your host uses short file names, make sure the first 14 characters of
domainname uniquely identify your domain among the other NIS
domains in your network.

4. In the /etc/rc.config.d/namesvrs file, set the NIS_DOMAIN
variable to the domain name:

NIS_DOMAIN=domainname

5. In the /etc/rc.config.d/namesvrs file, set the
NIS_MASTER_SERVER and NIS_CLIENT variables to 1, as follows:

NIS_MASTER_SERVER=1 

NIS_CLIENT=1 

If the host that will be the master server is already a slave server for
another domain, set the NIS_MASTER_SERVER variable to 1 and the
NIS_SLAVE_SERVER variable to 0.

6. Issue the following command to create the NIS maps for the domain:

/usr/sbin/ypinit -m

The ypinit script will prompt you for the names of your slave
servers. Enter the names of your slave servers in response to the
prompt.

7. Issue the following commands to run the NIS startup scripts: 

/sbin/init.d/nis.server start 
/sbin/init.d/nis.client start 

The master server is now running as both an NIS master server and an 
NIS client. Next, you must configure the slave servers you listed when 
you ran the ypinit script. See "Configuring and Administering an NIS
Slave Server" on page 129. 




For more information, see the following man pages: domainname(1),
ypinit(1M), and ypfiles(4).
To Verify Your NIS Master Server Configuration

• Log into the master server and issue the following command: 

/usr/bin/ypwhich -m 

The ypwhich -m command lists all the NIS maps available to the local
client and gives the name of the master server that serves each map. In
this case, the local host is both the client and the master server. Your
display should look something like this, where mastername is the name
of your local host:

# /usr/bin/ypwhich -m

vhe_list mastername
servi.bynp mastername
services.byname mastername
rpc.byname mastername
protocols.bynumber mastername
protocols.byname mastername
rpc.bynumber mastername
passwd.byuid mastername
passwd.byname mastername
networks.byname mastername
networks.byaddr mastername
netgroup.byuser mastername
netgroup.byhost mastername
netgroup mastername
hosts.byname mastername
hosts.byaddr mastername
group.byname mastername
group.bygid mastername
publickey.byname mastername
netid.byname mastername
mail.byaddr mastername
mail.aliases mastername
auto_master mastername
ypservers mastername

If you do not see a similar display, see "Troubleshooting NFS Services" on
page 173. Type man 1 ypwhich for more information on the ypwhich
command.
To Configure the NIS Master Server to Use a Private passwd File

CAUTION Do not use this procedure if your NIS master server is also a mail server.
If the NIS master server uses only a subset of the information in the NIS
passwd map, it cannot resolve mail addresses, and mail messages will
fail.


1. Log in as root to the NIS master server.

2. Copy the /etc/passwd file to /etc/passwd.yp.

3. Using a text editor, remove users from the /etc/passwd file who
should not be allowed access to the NIS master server. Do not include
a plus sign (+) in this file.

4. Use a text editor to edit the /var/yp/Makefile file. Change the
following line

PWFILE=$(DIR)/passwd 

to the following: 

PWFILE=$(DIR)/passwd.yp 

5. In the /etc/rc.config.d/namesvrs file, modify the
YPPASSWDD_OPTIONS variable. Change the following line

YPPASSWDD_OPTIONS="/etc/passwd -m passwd PWFILE=/etc/passwd" 

to the following: 

YPPASSWDD_OPTIONS="/etc/passwd.yp -m passwd PWFILE=/etc/passwd.yp" 

6. Issue the following commands to regenerate the NIS passwd maps 
from /etc/passwd.yp: 

cd /var/yp 

/usr/ccs/bin/make passwd 

This command generates both the passwd. byname and the 
passwd.byuid maps and pushes them to the slave servers. 

If your slave servers are not up and running yet, run make with the 
NOPUSH flag set to 1: 

cd /var/yp 

/usr/ccs/bin/make NOPUSH=1 passwd

This procedure creates a restricted /etc/passwd file that is used only
by the NIS master server. The unrestricted /etc/passwd.yp file is used
to generate the NIS passwd maps, which are used by the rest of the
hosts in the NIS domain.

For more information, see the following man pages: passwd(4), make(1),
ypmake(1M), and ypinit(1M).
To Restrict Client and Slave Server Access to the Master Server

1. On the NIS master server, create a file called /var/yp/securenets,
if it does not already exist.

2. Add lines to the file with the following syntax:

address_mask IP_address

The IP_address is the internet address of an NIS client, NIS slave
server, or subnet that may request NIS information or transfer NIS
maps from the NIS master server.

The address_mask indicates which bits in the IP_address field are
important. If a bit is set in the address_mask field, the corresponding
bit in the source address of any incoming NIS requests must match
the same bit in the IP_address field.

3. Issue the following commands to kill and restart the ypserv process: 

/sbin/init.d/nis.server stop 
/sbin/init.d/nis.server start 

If a client or slave host has multiple network interface cards, add a line 
to the securenets file for the IP address of each card. 

Type man 4 securenets at the HP-UX prompt for more information.

Examples from /var/yp/securenets

The following line from a /var/yp/securenets file allows only the NIS
client at IP address 10.11.12.13 to request information from the NIS
master server. Because every bit is set in the address mask, the source IP
address on the NIS request must match exactly, or the master server will 
not return the requested information. 

255.255.255.255 10.11.12.13 

The following line from a /var/yp/securenets file allows any host on 
the network 10.11.12.0 to request NIS information or transfer NIS maps 
from the master server. The last 8 bits of the IP address are ignored, 
because the last 8 bits of the address mask are set to 0. Any host whose 
IP address begins 10.11.12 will be allowed access to the master server. 

255.255.255.0 10.11.12.13 
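
The mask rule described above can be checked before a securenets file is put into service. The following is an added example, not part of the original manual and not the ypserv implementation: it applies the stated rule, (source AND mask) equals (IP_address AND mask), to each rule line and reports which rule admits a given source. The function names and sample rules are constructed, and skipping blank lines and lines that start with "#" is an assumption.

```shell
#!/bin/sh
# Added example: decide whether a source address passes securenets-style
# rules of the form "address_mask IP_address".

# octets A.B.C.D -> prints "A B C D"; fails unless there are exactly four
# decimal octets in the range 0-255 with no leading zeros.
# The body runs in a subshell so the IFS and set -f changes stay local.
octets() (
    set -f
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case $o in
            ''|*[!0-9]*|????*|0?*) exit 1 ;;
        esac
    done
    [ "$1" -le 255 ] && [ "$2" -le 255 ] &&
    [ "$3" -le 255 ] && [ "$4" -le 255 ] || exit 1
    echo "$1 $2 $3 $4"
)

# securenets_match MASK ADDR SRC
# Succeeds when every bit set in MASK is the same in SRC and in ADDR.
# Returns 1 on a mismatch and 2 when any address is malformed.
securenets_match() {
    m=$(octets "$1") && a=$(octets "$2") && s=$(octets "$3") || return 2
    set -- $m $a $s     # $1-$4 mask, $5-$8 rule address, $9-${12} source
    [ $(( $1 & $5 )) -eq $(( $1 & $9 )) ] &&
    [ $(( $2 & $6 )) -eq $(( $2 & ${10} )) ] &&
    [ $(( $3 & $7 )) -eq $(( $3 & ${11} )) ] &&
    [ $(( $4 & $8 )) -eq $(( $4 & ${12} )) ]
}

# securenets_allows SRC   (rules are read from standard input)
# Prints the first rule that admits SRC and succeeds; fails if none does.
# Assumption: blank lines and lines starting with "#" are skipped.
securenets_allows() {
    while read -r mask addr rest; do
        case $mask in ''|'#'*) continue ;; esac
        if securenets_match "$mask" "$addr" "$1"; then
            echo "$mask $addr"
            return 0
        fi
    done
    return 1
}

# Constructed rules: one exact host, then a subnet rule whose host bits
# (the final .13) are ignored because the mask clears them.
sample_securenets() {
    cat <<'EOF'
255.255.255.255 10.11.12.13
255.255.255.0   10.20.30.13
EOF
}

for src in 10.11.12.13 10.11.12.14 10.20.30.200 10.20.31.1; do
    if rule=$(sample_securenets | securenets_allows "$src"); then
        echo "$src allowed by: $rule"
    else
        echo "$src denied"
    fi
done
```

To test a real file, redirect it into the function, for example securenets_allows 10.11.12.14 < /var/yp/securenets.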
To Check the Contents of an NIS Map

• Issue the following command to verify that an NIS map contains the
data you expect it to contain:

/usr/bin/ypcat -k mapname

The -k option lists the key for each item in the map as well as the data
associated with the key. For example, in the netgroup map, the
netgroup name is the key. Without the -k option, ypcat would list all
the data associated with each netgroup name, but not the netgroup name
itself.

For more information on the ypcat command, type man 1 ypcat at the
HP-UX prompt. 
To Modify an NIS Map

1. Log in as root to the NIS master server.

2. Make your changes to the source file for the NIS map. For example, if
you want to change the NIS hosts map, make your changes to the
/etc/hosts file.

3. Issue the following commands to generate the map and push it to the
slave servers:

cd /var/yp

/usr/ccs/bin/make mapname

If your slave servers are not up and running yet, run the make
command with the NOPUSH flag set to 1:

cd /var/yp

/usr/ccs/bin/make NOPUSH=1 mapname

This procedure works for all NIS maps except the ypservers map, 
which has no source file. For instructions on modifying the ypservers 
map, see "To Add a Slave Server to Your NIS Domain" on page 124 or
"To Remove a Slave Server from Your NIS Domain" on page 125.

If you make changes to the passwd, group, or hosts maps, regenerate
the netid.byname map. The netid.byname map is a mapping of users
to groups, where each user is followed by a list of all the groups to which
the user belongs. The netid.byname map is generated from the
/etc/passwd and /etc/group files.

For more information, see the following man pages: make(1),
ypmake(1M), yppush(1M), and ypxfr(1M).
To Add an Automounter Map to Your NIS Domain

1. Log in as root to the NIS master server.

2. In the /usr/sbin/ypinit script, use a text editor to add the
automounter map to the MASTER_MAPS list, as follows:

MASTER_MAPS="group.bygid group.byname \
hosts.byaddr hosts.byname netgroup netgroup.byhost \
netgroup.byuser networks.byaddr networks.byname passwd.byname \
passwd.byuid protocols.byname protocols.bynumber rpc.bynumber \
services.byname vhe_list publickey.byname netid.byname mail.byaddr \
mail.aliases auto_master rpc.byname servi.bynp auto_mapname"

3. In the /var/yp/Makefile file, add the automounter map to the list
of maps that begins with all:, as follows:

all: passwd group hosts networks rpc services protocols \
netgroup aliases publickey netid vhe_list auto_master \
auto_mapname

4. In the /var/yp/Makefile file, copy the statement that begins
$(YPDBDIR)/$(DOM)/auto_master.time to the space below it.
Change all occurrences of auto_master to the name of the map you
are adding.

$(YPDBDIR)/$(DOM)/auto_master.time: $(DIR)/auto_master
	@(sed -e "s/^[ | ]*//g" -e "/^#/d" -e s/#.*$$// < \
	$(DIR)/auto_master $(CHKPIPE)) | \
	$(MAKEDBM) - $(YPDBDIR)/$(DOM)/auto_master;
	@touch $(YPDBDIR)/$(DOM)/auto_master.time;
	@echo "updated auto_master";
	@if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOM) auto_master; fi
	@if [ ! $(NOPUSH) ]; then echo "pushed auto_master"; fi

$(YPDBDIR)/$(DOM)/auto_mapname.time: $(DIR)/auto_mapname
	@(sed -e "s/^[ | ]*//g" -e "/^#/d" -e s/#.*$$// < \
	$(DIR)/auto_mapname $(CHKPIPE)) | \
	$(MAKEDBM) - $(YPDBDIR)/$(DOM)/auto_mapname;
	@touch $(YPDBDIR)/$(DOM)/auto_mapname.time;
	@echo "updated auto_mapname";
	@if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOM) auto_mapname; fi
	@if [ ! $(NOPUSH) ]; then echo "pushed auto_mapname"; fi

5. In the /var/yp/Makefile file, copy the statement that begins
auto_master: to the space below it. Change auto_master to
auto_mapname, and change both occurrences of
auto_master.time to auto_mapname.time.

auto_master:
	@if [ $(NOPUSH) ]; then $(MAKE) $(MFLAGS) -k \
	$(YPDBDIR)/$(DOM)/auto_master.time DOM=$(DOM) DIR=$(DIR); \
	else $(MAKE) $(MFLAGS) -k $(YPDBDIR)/$(DOM)/auto_master.time \
	DOM=$(DOM) DIR=$(DIR) NOPUSH=$(NOPUSH);fi

auto_mapname:
	@if [ $(NOPUSH) ]; then $(MAKE) $(MFLAGS) -k \
	$(YPDBDIR)/$(DOM)/auto_mapname.time DOM=$(DOM) DIR=$(DIR); \
	else $(MAKE) $(MFLAGS) -k $(YPDBDIR)/$(DOM)/auto_mapname.time \
	DOM=$(DOM) DIR=$(DIR) NOPUSH=$(NOPUSH);fi

6. Issue the following commands to generate the map: 

cd /var/yp 

/usr/ccs/bin/make NOPUSH=1 auto_mapname

7. If you have slave servers configured in your domain, log into each
slave server and issue the following command to copy the new map to
the slave server:

/usr/sbin/ypxfr auto_mapname

For more information, see the man page for ypinit(1M), make(1),
ypmake(1M), or ypxfr(1M).
To Remove an Automounter Map from Your NIS Domain

1. Log in as root to the NIS master server.

2. In the /usr/sbin/ypinit script, use a text editor to remove the
map name from the MASTER_MAPS list.

3. In the /var/yp/Makefile file, remove the map from the list of maps
that begins with all:.

4. In the /var/yp/Makefile file, remove the statement that begins
$(YPDBDIR)/$(DOM)/auto_mapname.time. For example, if you
were removing the auto_home map, you would remove the following
lines:

$(YPDBDIR)/$(DOM)/auto_home.time: $(DIR)/auto_home
	@(sed -e "s/^[ | ]*//g" -e "/^#/d" -e s/#.*$$// < \
	$(DIR)/auto_home $(CHKPIPE)) | \
	$(MAKEDBM) - $(YPDBDIR)/$(DOM)/auto_home;
	@touch $(YPDBDIR)/$(DOM)/auto_home.time;
	@echo "updated auto_home";
	@if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOM) auto_home; fi
	@if [ ! $(NOPUSH) ]; then echo "pushed auto_home"; fi

5. In the /var/yp/Makefile file, remove the statement that begins
auto_mapname:. For example, if you were removing the auto_home
map, you would remove the following lines:

auto_home:
	@if [ $(NOPUSH) ]; then $(MAKE) $(MFLAGS) -k \
	$(YPDBDIR)/$(DOM)/auto_home.time DOM=$(DOM) DIR=$(DIR); \
	else $(MAKE) $(MFLAGS) -k $(YPDBDIR)/$(DOM)/auto_home.time \
	DOM=$(DOM) DIR=$(DIR) NOPUSH=$(NOPUSH);fi

6. On the master and on each of the slave servers, remove the map files,
mapname.dir and mapname.pag, from the directory where your
maps are stored. The directory is called /var/yp/domainname,
where domainname is the name of your NIS domain. For example, if 
you were removing the auto_home map from the Finance domain, 
you would issue the following commands on the master server and on 
each of the slave servers: 

cd /var/yp/Finance 
rm auto_home.dir auto_home.pag 

For more information, see the man pages ypinit(1M), make(1),
ypmake(1M), and ypfiles(4).
To Add a Slave Server to Your NIS Domain

1. Log in as root to the NIS master server.

2. Issue the following command, where domainname is the name of the
domain to which you want to add the slave server:

cd /var/yp/domainname

3. Issue the following command to create an editable ASCII text file
from the ypservers map:

/usr/sbin/makedbm -u ypservers > tempfile

4. Use a text editor to add the name of the new server to the ASCII file,
tempfile.

5. Issue the following command to regenerate the ypservers map from
the ASCII file:

/usr/sbin/makedbm tempfile ypservers

6. Log in as root to the new slave server and configure it as an NIS slave
server. See "Configuring and Administering an NIS Slave Server" on
page 129.

For more information, see the man page for makedbm(1M) or
ypfiles(4).
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To Remove a Slave Server from Your NIS 
Domain 

1. Log in as root to the NIS master server.

2. Issue the following commands to create an editable ASCII text file
from the ypservers map:

cd /var/yp/domainname
/usr/sbin/makedbm -u ypservers > tempfile

3. Use a text editor to remove the name of the slave server from the
ASCII file, tempfile.

4. Issue the following command to regenerate the ypservers map from
the ASCII file:

/usr/sbin/makedbm tempfile ypservers

5. Log in as root to the slave server.

6. Remove all the map files from the map directory, and remove the map
directory. The directory is called /var/yp/domainname, where
domainname is the name of your NIS domain. For example, if you
were removing a slave server from the Finance domain, you would
issue the following commands:

cd /var/yp/Finance
rm *
cd ..
rmdir Finance

7. If the slave is not a slave server in any other NIS domain, use a text
editor to set the NIS_SLAVE_SERVER variable to 0 in the
/etc/rc.config.d/namesvrs file.

NIS_SLAVE_SERVER=0

8. If the slave is not a server in any other NIS domain, issue the
following command to turn off NIS server capability:

/sbin/init.d/nis.server stop

For more information, see the man pages makedbm(1M) and ypfiles(4).

To Query BIND for Host Information After Querying NIS

This section tells you how to set up server-side hostname fallback, 
which causes your NIS servers to query BIND for host information after 
querying NIS. A server will search the NIS hosts database first, but if
the hosts database does not contain the requested information, the
server will query the BIND name service. The server will return the host
information to the clients through NIS.

1. Configure your NIS servers as BIND name servers, or install an
/etc/resolv.conf file on each server that allows it to query a
BIND name server. See Installing and Administering Internet
Services for more information.

2. On the NIS master server, in the /var/yp/Makefile file, set the B
variable to -b, as follows:

B=-b

3. Issue the following command on the master server to change the
modification time on /etc/hosts so that make will regenerate the
hosts database:

/usr/bin/touch /etc/hosts

4. Issue the following commands to regenerate the NIS maps on the
master server and push them to the NIS slave servers:

cd /var/yp
/usr/ccs/bin/make

5. On all the NIS servers in your domain, change the hosts line in the
/etc/nsswitch.conf file to the following:

hosts: nis dns files

Hewlett-Packard recommends that you use the Name Service Switch on
your NIS clients instead of server-side hostname fallback. However, if
your NIS clients are PCs that do not have a feature like the Name
Service Switch, use the server-side hostname fallback described in this
section if you want to force BIND lookups after NIS lookups. See
"Configuring the Name Service Switch" on page 153.

To Use NIS With Short File Names

1. Make sure the first 14 characters of your domain name uniquely 
identify your domain among the other NIS domains in your network. 

2. If you plan to use NIS to manage your automounter maps, keep the 
automounter map names to 10 characters or fewer. 

3. Log in as root to the NIS master server.

4. In the /var/yp/Makefile file, uncomment all the lines between
START OF EXAMPLE and END OF EXAMPLE. (Remove the sharp sign
from the beginning of each line.) Do not uncomment the START OF
EXAMPLE and END OF EXAMPLE lines.

5. In the /var/yp/Makefile file, delete everything after the END OF
EXAMPLE line.

This procedure causes your NIS master server to use HP's proprietary
ypmake script instead of the Makefile. The Makefile does not support
short file names, but ypmake does. Type man 1M ypmake at the HP-UX
prompt for more information.

To Configure an HP-UX Master Server in a Domain with Sun Systems

1. Log in as root to the host that will be the master server. 

2. If you have customized your HP Makefile, move it to
/var/yp/Makefile.hp.

3. Copy your Sun Makefile into the /var/yp directory on the HP
system.

If your Sun Makefile is not called Makefile, use a text editor to set
the MAKEFILE_NAME variable to the name of your Sun Makefile in the
/usr/sbin/ypinit script.

4. If you have customized your HP Makefile, add those changes into
your Sun Makefile.

5. In the /usr/sbin/ypinit script on the HP host that will be the
master server, add the netmasks.byaddr, bootparams,
ethers.byaddr, and ethers.byname maps to the MASTER_MAPS
variable.

6. On one of your Sun systems, locate or create an /etc/ethers file, an
/etc/bootparams file, and an /etc/netmasks file that contain all
the information required by the Sun systems in your NIS domain.

7. Copy the /etc/ethers, /etc/bootparams, and /etc/netmasks
files to the HP host that will be the master server.

8. Follow the instructions in "To Enable NIS Master Server Capability"
on page 113.

Configuring and Administering an NIS Slave Server

An NIS slave server provides information to NIS clients, taking some
load off the NIS master server and substituting for the master server
when it is down. The NIS maps are created on the NIS master server and
then transferred from the master server to the slave servers. Changes to
NIS maps must be made on the NIS master server, which then pushes
the changed maps to the NIS slave servers.

An NIS slave server must also be an NIS client.

The NIS master server must be configured and running before you start
your slave servers.

This section explains how to perform the following tasks:

• To Edit the Slave Server's passwd File

• To Edit the Slave Server's group File

• To Enable NIS Slave Server Capability

• To Verify Your NIS Slave Server Configuration

• To Schedule Regular Map Transfers from the NIS Master Server

• To Restrict Access to the Slave Server

To Edit the Slave Server's passwd File

• Remove all users from the /etc/passwd file except the root user and
the system entries required for your system to boot. By convention,
system entries usually have user IDs less than 100, so you can
remove all entries with user IDs of 100 or greater.

• Add the following entry as the last line in the /etc/passwd file:

+::-2:60001:::

The plus sign (+) causes processes to consult NIS for any user
information not found in the local /etc/passwd file.

The -2 in the user ID field restricts the access of people who may
attempt to log in using "+" as a valid user name when NIS is not
running. Anyone who successfully logs in as "+" will be granted only
the access permissions of user nobody.

CAUTION Do not put an asterisk (*) in the password field on HP systems. On Sun
systems, an asterisk in the password field prevents people from logging
in as "+" when NIS is not running. However, on HP systems, the asterisk
prevents all users from logging in when NIS is running.

The changes you make to the /etc/passwd file on an NIS slave server
are the same changes you make on an NIS client. Following is an
example /etc/passwd file on an NIS slave server:

root:OAnhFBmriKvHA:0:3::/:/bin/ksh
daemon:*:1:5::/:/bin/sh
bin:*:2:2::/bin:/bin/sh
adm:*:4:4::/usr/adm:/bin/sh
uucp:*:5:3::/usr/spool/uucppublic:/usr/lib/uucp/uucico
lp:*:9:7::/usr/spool/lp:/bin/sh
hpdb:*:27:1:ALLBASE:/:/bin/sh
+::-2:60001:::

For more information, type man 4 passwd at the HP-UX prompt.

To Edit the Slave Server's group File

• Remove all groups from the /etc/group file except the group entries 
required for your system to boot. 

• Add the following entry as the last line in the /etc/group file:

+:*:*

The plus sign (+) causes processes to consult NIS for any group
information not found in the local /etc/group file. The asterisk (*)
in the password field prevents people from using the plus sign as a
valid group name if NIS is not running.

The changes you make to the /etc/group file on an NIS slave server
are the same changes you make on an NIS client. Following is an
example /etc/group file on an NIS slave server:

root::0:rootl,sam
other::1:
bin::2:
sys::3:
adm::4:
daemon::5:
mail::6:
lp::7:
+:*:*

For more information, type man 4 group at the HP-UX prompt.

To Enable NIS Slave Server Capability

1. Make sure the NIS master server is already configured and running
NIS.

2. Log in as root to the host that will be the slave server.

3. On the host that will be the slave server, ensure that the $PATH
environment variable includes the following directory paths:

• /var/yp

• /usr/lib/netsvc/yp

• /usr/ccs/bin

4. Issue the following command to set the NIS domain name:

/usr/bin/domainname domainname

where domainname is the same as the domain name on the NIS
master server.

5. In the /etc/rc.config.d/namesvrs file, set the NIS_DOMAIN
variable to the domain name:

NIS_DOMAIN=domainname

6. In the /etc/rc.config.d/namesvrs file, set the
NIS_SLAVE_SERVER and NIS_CLIENT variables to 1, as follows:

NIS_SLAVE_SERVER=1
NIS_CLIENT=1

If the slave server is a master server in another NIS domain, set the
NIS_MASTER_SERVER variable to 1 and the NIS_SLAVE_SERVER
variable to 0. The yppasswdd daemon, which is required on the
master server, is started only if NIS_MASTER_SERVER=1.

7. Issue the following command to set up the NIS slave server and copy
the NIS maps from the master server:

/usr/sbin/ypinit -s NIS_server_name [DOM=domainname]

The NIS_server_name is the name of the master server or a slave
server that has a complete set of up-to-date maps for the domain. If
the slave server will serve a domain different from the one set by the
domainname command, specify the domainname after the
NIS_server_name.

8. Issue the following commands to run the NIS startup scripts:

/sbin/init.d/nis.server start
/sbin/init.d/nis.client start

In order to receive map updates from the NIS master server, you must
add the new slave server to the ypservers map on the master server.
See "To Add a Slave Server to Your NIS Domain" on page 124.

For more information, see the following man pages: domainname(1),
ypinit(1M), and ypfiles(4).




To Verify Your NIS Slave Server Configuration 

1. Log in as root to the slave server. 

2. In the /etc/rc.config.d/namesvrs file, add -ypset to the
YPBIND_OPTIONS variable:

YPBIND_OPTIONS="-ypset"

3. Issue the following commands to restart ypbind (the NIS client
process) on the slave server:

/sbin/init.d/nis.client stop
/sbin/init.d/nis.client start

4. Issue the following command to force the NIS client process on the
slave server to bind to the server process on the same host:

/usr/sbin/ypset slave_server_name

5. Issue the following command to check whether the NIS slave server is
working:

/usr/bin/ypwhich

The ypwhich command should return the host name of the slave
server. If the ypwhich command does not return the name of the
slave server, see "Troubleshooting NFS Services" on page 173.

6. In the /etc/rc.config.d/namesvrs file, remove -ypset from the
YPBIND_OPTIONS variable:

YPBIND_OPTIONS=""

7. Issue the following commands to restart ypbind (the NIS client
process) on the slave server:

/sbin/init.d/nis.client stop
/sbin/init.d/nis.client start

For more information, see the following man pages: ypbind(1M),
ypset(1M), and ypwhich(1).

To Schedule Regular Map Transfers from the NIS Master Server

1. Log in as root to the slave server.

2. Copy the ypxfr_1perday, ypxfr_2perday, and ypxfr_1perhour
scripts from the /usr/newconfig/var/yp directory to the /var/yp
directory:

cp /usr/newconfig/var/yp/ypxfr_1perday /var/yp
cp /usr/newconfig/var/yp/ypxfr_2perday /var/yp
cp /usr/newconfig/var/yp/ypxfr_1perhour /var/yp

3. Create a crontab file that invokes these files at regular times.
Following is an example crontab file:

0 21 * * * /var/yp/ypxfr_1perday
30 5,19 * * * /var/yp/ypxfr_2perday
15 * * * * /var/yp/ypxfr_1perhour

This file runs the ypxfr_1perday script at 9:00 PM every night. It
runs the ypxfr_2perday script at 5:30 AM and 7:30 PM every day. It
runs the ypxfr_1perhour script at 15 minutes past every hour.

4. Issue the following command to enter the file into crontab:

crontab filename

where filename is the crontab file you just created.

If you have created customized NIS maps for your domain, you will have
to add them to the appropriate scripts. You can also use the scripts
provided as templates for creating your own scripts.

In some domains, transferring the passwd maps once per hour generates
too much network traffic. If you find this is the case, schedule transfers of
the passwd maps for less frequent intervals.

If you have multiple slave servers, schedule map transfers for different
times on different servers, so all the servers are not performing transfers
at the same time.

For more information, see the following man pages: cron(1M),
crontab(1), and ypxfr(1M).

To Restrict Access to the Slave Server

1. On the NIS slave server, create a file called /var/yp/securenets, if
it does not already exist.

2. Add lines to the file with the following syntax:

address_mask IP_address

The IP_address is the internet address of an NIS client, NIS slave
server, or subnet that may request NIS information or transfer NIS
maps from the NIS master server.

The address_mask indicates which bits in the IP_address field are
important. If a bit is set in the address_mask field, the corresponding
bit in the source address of any incoming NIS requests must match
the same bit in the IP_address field.

3. Issue the following commands to kill and restart the ypserv process:

/sbin/init.d/nis.server stop
/sbin/init.d/nis.server start

If a client or slave host has multiple network interface cards, add a line
to the securenets file for the IP address of each card.

Type man 4 securenets at the HP-UX prompt for more information.

Examples from /var/yp/securenets

The following line from a /var/yp/securenets file allows only the NIS
client at IP address 10.11.12.13 to request information from the NIS
slave server. Because every bit is set in the address mask, the source IP
address on the NIS request must match exactly, or the slave server will
not return the requested information.

255.255.255.255 10.11.12.13

The following line from a /var/yp/securenets file allows any host on
the network 10.11.12.0 to request NIS information or transfer NIS maps
from the slave server. The last 8 bits of the IP address are ignored,
because the last 8 bits of the address mask are set to 0. Any host whose
IP address begins 10.11.12 will be allowed access to the slave server.

255.255.255.0 10.11.12.13

Configuring and Administering an NIS Client

An NIS client gets its configuration information from an NIS master 
server or an NIS slave server. When an NIS client is started, it sends out 
a broadcast message requesting a server. Any server on the client's 
network that holds the NIS maps for the client's domain may respond to 
the message. The NIS client "binds" to the first server to respond to its 
broadcast message, and that server answers all the client's queries for 
information. 

This section explains how to perform the following tasks. Only the first 
five tasks are necessary for getting your NIS client up and running. 

• To Edit the NIS Client's passwd File

• To Edit the NIS Client's group File

• To Enable NIS Client Capability

• To Verify Your NIS Client Configuration

• To Tell Users How to Use yppasswd

• To Prevent a Client from Binding to Unknown Servers

• To Bind an NIS Client to a Server on a Different Subnet

To Edit the NIS Client's passwd File

• Remove all users from the /etc/passwd file except the root user and
the system entries required for your system to boot. By convention,
system entries usually have user IDs less than 100, so you can
remove all entries with user IDs of 100 or greater.

• Add the following entry as the last line in the /etc/passwd file:

+::-2:60001:::

The plus sign (+) causes processes to consult NIS for any user
information not found in the local /etc/passwd file.

The -2 in the user ID field restricts the access of people who may
attempt to log in using "+" as a valid user name when NIS is not
running. Anyone who successfully logs in as "+" will be granted only
the access permissions of user nobody.

CAUTION Do not put an asterisk (*) in the password field on HP systems. On Sun
systems, an asterisk in the password field prevents people from logging
in as "+" when NIS is not running. However, on HP systems, the asterisk
prevents all users from logging in when NIS is running.

The changes you make to the /etc/passwd file on an NIS client are the
same changes you make on an NIS slave server. Following is an example
/etc/passwd file on an NIS client:

root:OAnhFBmriKvHA:0:3::/:/bin/ksh
daemon:*:1:5::/:/bin/sh
bin:*:2:2::/bin:/bin/sh
adm:*:4:4::/usr/adm:/bin/sh
uucp:*:5:3::/usr/spool/uucppublic:/usr/lib/uucp/uucico
lp:*:9:7::/usr/spool/lp:/bin/sh
hpdb:*:27:1:ALLBASE:/:/bin/sh
+::-2:60001:::

For more information, type man 4 passwd at the HP-UX prompt.
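
The passwd rules in the slave-server and client procedures can be checked mechanically. The following is an added example, not part of the HP manual: the function names, the finding messages and the two sample files are constructed for illustration.

```python
"""Audit a local /etc/passwd against the NIS rules in the two passwd procedures."""

LOCAL_UID_LIMIT = 100  # the manual's convention: system entries have UIDs below 100
FIELD_COUNT = 7        # name:passwd:uid:gid:gecos:home:shell


def parse_passwd(text):
    """Yield (line_number, fields) for each non-blank line."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if line:
            yield lineno, line.split(":")


def audit_nis_passwd(text):
    """Return (line_number, message) findings; an empty list means no rule is broken."""
    entries = list(parse_passwd(text))
    findings = []
    if not any(fields[0] == "+" for _, fields in entries):
        findings.append((0, "no '+' entry: users held only in NIS cannot be looked up"))

    for lineno, fields in entries:
        name = fields[0]
        if len(fields) != FIELD_COUNT:
            findings.append((lineno, f"{name!r}: expected {FIELD_COUNT} fields, "
                                     f"found {len(fields)}"))
            continue
        passwd, uid = fields[1], fields[2]
        if name == "+":
            # The CAUTION in the manual: '*' is safe on Sun systems, not on HP systems.
            if passwd == "*":
                findings.append((lineno, "'+' entry has '*' in the password field: on "
                                         "HP systems this stops all users logging in"))
            if uid != "-2":
                findings.append((lineno, f"'+' entry has UID {uid!r}, not -2: a login "
                                         "as '+' is not held to user nobody's access"))
            if lineno != entries[-1][0]:
                findings.append((lineno, "'+' entry is not the last line of the file"))
            continue
        try:
            uid_number = int(uid)
        except ValueError:
            findings.append((lineno, f"{name!r}: UID {uid!r} is not a number"))
            continue
        if uid_number >= LOCAL_UID_LIMIT:
            findings.append((lineno, f"{name!r}: local entry with UID {uid_number}; "
                                     "the manual removes entries with UID 100 or greater"))
    return findings


# Constructed sample files (the password strings are placeholders, not real hashes).
GOOD_PASSWD = """\
root:PLACEHOLDER:0:3::/:/bin/ksh
daemon:*:1:5::/:/bin/sh
bin:*:2:2::/bin:/bin/sh
lp:*:9:7::/usr/spool/lp:/bin/sh
+::-2:60001:::
"""

BAD_PASSWD = """\
root:PLACEHOLDER:0:3::/:/bin/ksh
+:*:0:60001:::
daemon:*:1:5::/:/bin/sh
alice:PLACEHOLDER:201:20::/home/alice:/bin/ksh
"""

if __name__ == "__main__":
    for label, sample in (("good", GOOD_PASSWD), ("bad", BAD_PASSWD)):
        print(label)
        for lineno, message in audit_nis_passwd(sample) or [(0, "no findings")]:
            print(f"  line {lineno}: {message}")
```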
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To Edit the NIS Client's group File 

• Remove all groups from the /etc/group file except the group entries 
required for your system to boot. 

• Add the following entry as the last line in the /etc/group file:

+:*:*

The plus sign (+) causes processes to consult NIS for any group
information not found in the local /etc/group file. The asterisk (*)
in the password field prevents people from using the plus sign as a
valid group name if NIS is not running.

The changes you make to the /etc/group file on an NIS client are the
same changes you make on an NIS slave server. Following is an example
/etc/group file on an NIS client:

root::0:rootl,sam
other::1:
bin::2:
sys::3:
adm::4:
daemon::5:
mail::6:
lp::7:
+:*:*

For more information, type man 4 group at the HP-UX prompt.

To Enable NIS Client Capability

1. Make sure at least one NIS master or slave server is running on the
client's subnetwork.

2. Log in as root to the NIS client.

3. On the NIS client, ensure that the $PATH environment variable
includes the following directory paths:

• /var/yp

• /usr/lib/netsvc/yp

• /usr/ccs/bin

4. Issue the following command to set the NIS domain name:

/usr/bin/domainname domainname

where domainname is a domain served by an NIS server on the
client's subnetwork.

5. In the /etc/rc.config.d/namesvrs file, set the NIS_DOMAIN
variable to the domain name:

NIS_DOMAIN=domainname

6. In the /etc/rc.config.d/namesvrs file, set the NIS_CLIENT
variable to 1, as follows:

NIS_CLIENT=1

7. Issue the following command to run the NIS startup script:

/sbin/init.d/nis.client start

For more information, see the following man pages: domainname(1),
ypbind(1M), and nsswitch.conf(4).

To Verify Your NIS Client Configuration

• Log in to the NIS client and issue the following command:

/usr/bin/ypwhich -m

The ypwhich -m command lists all the NIS maps available to the client
and gives the name of the master server that serves each map. Your
display should look something like this, where mastername is the name
of the master server for your domain:

# /usr/bin/ypwhich -m
vhe_list mastername
servi.bynp mastername
services.byname mastername
rpc.byname mastername
protocols.bynumber mastername
protocols.byname mastername
rpc.bynumber mastername
passwd.byuid mastername
passwd.byname mastername
networks.byname mastername
networks.byaddr mastername
netgroup.byuser mastername
netgroup.byhost mastername
netgroup mastername
hosts.byname mastername
hosts.byaddr mastername
group.byname mastername
group.bygid mastername
publickey.byname mastername
netid.byname mastername
mail.byaddr mastername
mail.aliases mastername
auto_master mastername
ypservers mastername

If you do not see a similar display, see "Troubleshooting NFS Services" on
page 173. Type man 1 ypwhich for more information on the ypwhich
command.

To Tell Users How to Use yppasswd

• Tell all the users in your NIS domain that they must use
/usr/bin/yppasswd or passwd -r nis instead of the passwd
command when they want to change their login passwords.

• Tell users that, when they want to change their login passwords, they
should do so just before they leave for the day. This will allow time for
the updated NIS maps on the master server to be pushed to the slave
servers.

The yppasswd command is a link to the passwd -r nis command. It
changes the /etc/passwd file on the NIS master server, regenerates the
NIS passwd maps from the updated /etc/passwd file, and then pushes
the NIS passwd maps to the slave servers.

For more information, see the following man pages: yppasswd(1),
yppasswdd(1M), passwd(1), ypxfr(1M), and yppush(1M).

To Prevent a Client from Binding to Unknown Servers

1. On the NIS client, create a file called /var/yp/secureservers, if it
does not already exist.

2. Add lines to the file with the following syntax:

address_mask IP_address

The IP_address is the internet address of an NIS server or the subnet
of an NIS server from which the client will accept NIS information.

The address_mask indicates which bits in the IP_address field are
important. If a bit is set in the address_mask field, the corresponding
bit in the address of any NIS server must match the same bit in the
IP_address field.

3. Issue the following commands to kill and restart the ypbind process:

/sbin/init.d/nis.client stop
/sbin/init.d/nis.client start

If an NIS server host has multiple network interface cards, add a line to
the secureservers file for the IP address of each card.

If you start ypbind with the -ypset option and issue the ypset
command to bind to a specific server, the /var/yp/secureservers file
is ignored, and the client may bind to any server.

Type man 1M ypbind at the HP-UX prompt for more information.

Examples from /var/yp/secureservers

The following line from a /var/yp/secureservers file allows the NIS
client to bind only to the server at IP address 20.21.22.23. Because every
bit is set in the address mask, the IP address of the NIS server must
match the IP_address field exactly, or the client will not bind to it.

255.255.255.255 20.21.22.23

The following line from a /var/yp/secureservers file allows the
client to bind to any NIS server on the network 20.21.22.0. The last 8 bits
of the server's IP address are ignored, because the last 8 bits of the
address mask are set to 0. The client may bind to any server whose IP
address begins 20.21.22.

255.255.255.0 20.21.22.23
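
The address_mask and IP_address fields decide a match in the same way for /var/yp/securenets and /var/yp/secureservers. The following is an added example, not HP's code: it models only the bit-matching rule described in those two sections (not what ypserv or ypbind do with a missing or empty file), and the function names, the 256-address review threshold and the last two sample rules are assumptions made for illustration.

```python
"""Evaluate 'address_mask IP_address' rules as described for securenets/secureservers."""
import ipaddress
from collections import namedtuple

Rule = namedtuple("Rule", "lineno mask addr")  # mask and addr held as 32-bit integers
ALL_ONES = 0xFFFFFFFF


def parse_rules(text):
    """Parse 'address_mask IP_address' lines into Rule tuples (IPv4 only)."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split()
        if not fields:
            continue
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected 'address_mask IP_address'")
        # IPv4Address raises a ValueError subclass on anything but a dotted quad.
        mask, addr = (int(ipaddress.IPv4Address(field)) for field in fields)
        rules.append(Rule(lineno, mask, addr))
    return rules


def matches(rule, ip):
    """Every bit that is set in the mask must be equal in ip and in the rule address."""
    candidate = int(ipaddress.IPv4Address(ip))
    return (candidate & rule.mask) == (rule.addr & rule.mask)


def is_allowed(rules, ip):
    """True if at least one rule matches ip."""
    return any(matches(rule, ip) for rule in rules)


def admitted_hosts(rule):
    """Number of distinct addresses a rule admits: 2 ** (number of zero mask bits)."""
    return 2 ** (32 - bin(rule.mask).count("1"))


def audit(rules, max_hosts=256):
    """Return (line_number, message) notes for rules that deserve a second look."""
    notes = []
    for rule in rules:
        count = admitted_hosts(rule)
        if count > max_hosts:
            notes.append((rule.lineno, f"admits {count} addresses"))
        if rule.addr & ~rule.mask & ALL_ONES:
            notes.append((rule.lineno, "address bits outside the mask are ignored; "
                                       "the rule covers the whole masked range"))
        zero_bits = ~rule.mask & ALL_ONES
        if zero_bits & (zero_bits + 1):  # zero bits are not one trailing run
            notes.append((rule.lineno, "mask is not a contiguous prefix; check it "
                                       "is not a typing error"))
    return notes


# Lines 1-2 are the manual's own securenets examples; lines 3-4 are constructed.
SAMPLE_RULES = """\
255.255.255.255 10.11.12.13
255.255.255.0 10.11.12.13
255.255.0.255 192.168.0.7
0.0.0.0 0.0.0.0
"""

if __name__ == "__main__":
    parsed = parse_rules(SAMPLE_RULES)
    for probe in ("10.11.12.13", "10.11.12.200", "10.11.13.1"):
        print(probe, "allowed by first two rules:", is_allowed(parsed[:2], probe))
    for lineno, note in audit(parsed):
        print(f"line {lineno}: {note}")
```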
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To Bind an NIS Client to a Server on a 
Different Subnet 

Hewlett-Packard recommends that you configure a server on each subnet
where you have NIS clients; however, if you cannot do that, follow these
steps to force an NIS client to bind to a server on a different subnet:

1. Log in as root to the NIS client.

2. Add the -ypset option to the YPBIND_OPTIONS variable in the
/etc/rc.config.d/namesvrs file, as follows:

YPBIND_OPTIONS="-ypset"

3. In the /etc/rc.config.d/namesvrs file, set the YPSET_ADDR
variable to the IP address of an NIS server, as in the following
example:

YPSET_ADDR="15.13.115.168"

4. Issue the following commands to restart the NIS client:

/sbin/init.d/nis.client stop
/sbin/init.d/nis.client start

If the server you specify in the ypset command is unavailable when
your client boots up, your client will broadcast a request for a server to
its local network. If no server exists on the local network, the client will
hang.

For more information, type man 1M ypset or man 1M ypbind.

Configuring and Administering Secure RPC

Configuring secure RPC allows you to write applications that use secure
RPC. You must be running NIS in order to use secure RPC.

NOTE Secure NFS, the ability to export and mount directories with the secure
option, is not supported on HP-UX.

Configuring and administering secure RPC involves the following tasks:

• To Have Users Create their Secure RPC Keys
or
To Create Secure RPC Keys for Users

• To Create Secure RPC Keys for Hosts

• To Tell Users How to Use Secure RPC

To Have Users Create their Secure RPC Keys

1. In the /etc/publickey file on the NIS master server, make sure the
entry for user nobody exists and is not commented out (is not
preceded by #).

2. Tell each user in your NIS domain to issue the chkey command:

/usr/bin/chkey

At the Password prompt, the user should enter his or her login
password.

The chkey command displays a message saying it is generating a key for
unix.UID@NIS_domain. This string identifies the user in the
publickey.byname NIS map. UID is the user ID of the user for whom
the key is being generated, and NIS_domain is the default NIS domain,
returned by the domainname command.

The secure RPC key is encrypted with the user's login password. The
/usr/bin/yppasswd command reencrypts the secure RPC key with the
new password whenever a user changes the login password.

In order for users to create keys for themselves with the chkey
command, the publickey.byname map must have an entry for user
nobody. If you remove the entry for user nobody, users can change their
secure RPC keys with the chkey command, but they cannot create keys
if they do not already have them.

For more information, see the following man pages: publickey(4),
chkey(1), and yppasswd(1).

To Create Secure RPC Keys for Users

Use this procedure if you do not want users to be able to create their own
secure RPC keys.

1. Log in as root to the NIS master server.

2. Comment out the entry in the /etc/publickey file for user nobody.
(Insert a sharp sign as the first character on the line.)

3. Issue the following commands to regenerate the publickey.byname
map from the /etc/publickey file and push it to the slave servers:

cd /var/yp
/usr/ccs/bin/make publickey

4. Issue the newkey -u command for each user in your NIS domain:

# /usr/sbin/newkey -u username

Enter a password when prompted for it by the newkey -u command.

5. Tell users the passwords you assigned for them. Users should issue
the /usr/bin/keylogin command, using the passwords you
assigned. Then, they should issue the /usr/bin/yppasswd
command to change their login passwords. The yppasswd command
will reencrypt their secure RPC keys with their new login passwords.

The newkey -u command displays a message saying it is adding a key
for unix.UID@NIS_domain. This string identifies the user in the
publickey.byname NIS map. UID is the user ID of the user for whom
the key is being generated, and NIS_domain is the default NIS domain,
returned by the domainname command.

For more information, see the following man pages: publickey(4),
newkey(1M), chkey(1), keylogin(1), yppasswd(1), make(1),
ypmake(1M), and yppush(1M).

To Create Secure RPC Keys for Hosts

1. Log in as root to the NIS master server.

2. Issue the newkey -h command for each host in your NIS domain:

# /usr/sbin/newkey -h hostname

3. Enter the root password for hostname when prompted for it by the
newkey -h command.

4. On each host for which you have just created a secure RPC key, log in
as root. This registers the secure RPC password with the
/usr/sbin/keyserv daemon.

The newkey -h command displays a message saying it is adding a key
for unix.hostname@NIS_domain. This string identifies the host in the
publickey.byname NIS map.

Whenever you change the root password with the passwd command, the
passwd command automatically reencrypts the secure RPC key with the
new root password.

For more information, see the following man pages: newkey(1M),
publickey(4), passwd(1), and keyserv(1M).

To Tell Users How to Use Secure RPC

Tell the users who require secure RPC authorization to follow these
guidelines:

• If you allow users to create their own secure RPC keys with the
chkey command, they should enter their login passwords at the
Password prompt.

• If you use the newkey -u command to add users to the publickey
database, users should issue the /usr/bin/keylogin command
using the password you assigned. Then, they should issue the
/usr/bin/yppasswd command to change their login passwords. The
yppasswd command will automatically reencrypt their secure RPC
keys with their new passwords.

• When users log into a host without supplying a password (for
example, when they use rlogin to log into a host that has their local
host configured in /etc/hosts.equiv), they should issue the
/usr/bin/keylogin command after logging in, to register the
secure RPC password with the /usr/sbin/keyserv daemon.

For more information, see the following man pages: publickey(4),
newkey(1M), chkey(1), keylogin(1), yppasswd(1), rlogin(1).

Summary of NIS Commands


Table 4-1 Summary of NIS Commands 


chkey(l) 

Creates or changes a secure RPC key. 

domainname(l) 

Sets or displays the nameof the Nl S domain. 

keyloginfl) 

Decrypts and stores a secure RPC key. keyiogin is called when a user 
logs in, but the user must issue keyiogin if no password was 
provided at login or if a password other than the login password was 
used to encrypt the secure RPC key. 

keylogout(l) 

Deletes a stored decrypted secure RPC key. 

makedbmflM) 

Generates an Nl S map from an ASCI I input file. 

newkey(lM) 

Creates a secure RPC key for a user or host. 

ypcat(l) 

Prints all the values in an NIS map. 

ypinit(lM) 

Sets up an NIS master server or slave server. 

ypmakeflM) 

Generates one or more NIS maps from ASCI I files and optionally 
pushes them to NIS slave servers. /var/yp/Makefiie andmake(l) 
do the same thing. 

ypmatch(l) 

Prints the values associated with one or more selected keys in an NIS 
map. 

yppasswd(l) 

Changes a login password stored in the Nl S passwd map. 

yppollflM) 

Returns the nameof the master server for an Nl S map and the time 
when the map was built. 

yppush(lM) 

Forces NIS si ave servers to transfer one or more NIS maps from the 
master server. Slave servers use ypxf r to transfer the maps, ypmake 
calls yppush unless it is invoked with nopush=i. 

ypsetflM) 

Tells an NIS client process (ypbind[lM]) to bind to a specified NIS 
server, ypset can be used only if ypbind is invoked with the -ypset 
option. 
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ypwhich(l) 

Returns the name of the NIS server for the local client or the name of 
the NIS master server for one or more NIS maps. 

ypxf r(lM) 

Transfers one or more NIS maps from a master server to the local 
slave server. A slave server calls ypxfr when yppush is executed on 
the master server. 
The Name Service Switch determines where your host will look for the
information that is traditionally stored in the following files: 

• automounter maps (like /etc/auto_master and /etc/auto_home) 

• /etc/hosts 

• /etc/netgroup 

• /etc/networks 

• /etc/protocols 

• /etc/rpc 

• /etc/services 

You can configure your host to look for each type of information in NIS or
the local /etc file. You can configure your host to consult either or both
of these sources, in any order.

For host information (host names and IP addresses), you can configure
your host to consult BIND (DNS) in addition to NIS or the local
/etc/hosts file.

The default Name Service Switch configuration is adequate for most 
installations, so you probably do not have to change it. The default 
configuration is explained in "Default Configuration" on page 160. 

The ability to consult more than one name service for host information is
often called hostname fallback. The Name Service Switch provides
client-side hostname fallback, because it is used by client-side
programs (for example, gethostbyname), which request host
information.

NIS allows you to configure a server-side hostname fallback, which
causes the NIS server to query BIND when it fails to find requested host
information in its database. The NIS server then returns the host
information to the client through NIS. This server-side hostname
fallback is intended for use with clients like PCs that do not have a
feature like the Name Service Switch. Hewlett-Packard recommends
that you use the Name Service Switch if possible, instead of the
server-side hostname fallback provided by NIS. For more information on
the NIS server-side hostname fallback, see "To Query BIND for Host
Information After Querying NIS" on page 126.

You can use SAM to configure the Name Service Switch. Type sam at the 
HP-UX prompt. 
This chapter tells you how to configure the Name Service Switch. It
contains the following sections: 

• Customizing the nsswitch.conf File 

• Syntax of the nsswitch.conf File 

• Default Configuration 

• Troubleshooting the Name Service Switch 


NOTE Configuring the Name Service Switch is a separate task from configuring
the name services themselves. You must also configure the name services
before you can use them. The Name Service Switch just determines
which name services are queried and in what order.
Customizing the nsswitch.conf File

The configuration file for the Name Service Switch is called
/etc/nsswitch.conf. If this file does not exist, the system has a
default Name Service Switch configuration, described in "Default
Configuration" on page 160, later in this chapter.

Sample Name Service Switch configurations are located in the
/usr/examples/nsswitch directory.

Following are some suggestions for customizing your Name Service 
Switch configuration: 

• If you want your system to consult the local /etc/netgroup file
when it fails to find a netgroup in the NIS netgroup database, create
or modify the netgroup line in the /etc/nsswitch.conf file as
follows:

netgroup: nis [NOTFOUND=continue] files

• If you want your system to consult BIND (DNS) when it fails to find a
host name in NIS, create or modify the hosts line in the
/etc/nsswitch.conf file as follows:

hosts: nis [NOTFOUND=continue] dns files

With this configuration, if NIS does not contain the requested
information, and BIND is not configured, the /etc/hosts file is
consulted.

• If you want your system to consult NIS if it fails to find a host name
in BIND or if the BIND name servers are not responding, create or
modify the hosts line in the /etc/nsswitch.conf file as follows:

hosts: dns [NOTFOUND=continue TRYAGAIN=continue] nis files

With this configuration, if BIND does not return the requested
information, and NIS is not running, the /etc/hosts file is
consulted.

HP recommends that you maintain at least a minimal /etc/hosts file 
that includes important addresses like gateways, diskless boot servers
and root servers, and your host's own IP address. HP also recommends
that you include the word files in the hosts line to help ensure a 
successful system boot using the /etc/hosts file when BIND and NIS 
are not available. 
CAUTION

Changing the default configuration can complicate troubleshooting. The
default configuration is designed to preserve the authority of the name
service you are using. It switches from BIND to NIS only if BIND is not
enabled. It switches from NIS to the local /etc file only if NIS is not
enabled. It is very difficult to diagnose problems when multiple name
servers are configured and enabled for use.

For more information on the Name Service Switch, type man 4 switch
at the HP-UX prompt.
Syntax of the nsswitch.conf File

Each line in the /etc/nsswitch.conf file has the following syntax:

lookup_type name_service [status=action status=action ...] name_service ...

If you include any status=action pairs after a name service, the square
brackets are required.

lookup_type   The type of information to be looked up. The supported
              keywords and the information types they represent are
              listed in Table 5-1. These keywords are case-sensitive.

name_service  One of the following name services to use for the type of
              information in the lookup_type field. These keywords
              must be in lowercase.

              files     Files in the /etc directory on the local host
                        (/etc/hosts, /etc/services, and so on).

              nis       Network Information Service (NIS).

              dns       Domain Name System (DNS), which is implemented by
                        Berkeley Internet Name Domain (BIND) on HP-UX.
                        See the Installing and Administering Internet
                        Services manual for more information. The dns
                        keyword may be used only on the line beginning
                        with hosts.

status        One of the following statuses returned by a name
              service query. These values may be entered in
              uppercase or lowercase.

              SUCCESS   The lookup was successful, and the requested
                        information was found.

              NOTFOUND  The name service returned a response, but the
                        requested data was not in its database.

              UNAVAIL   The name service is not configured.

              TRYAGAIN  The name service was busy and the request timed
                        out. This value is returned only by DNS.

action        The action to take based on the status of the name
              service query. The following values may be entered in
              uppercase or lowercase.

              continue  Try the next name service in the list.

              return    End the lookup and return control to the calling
                        process without consulting the next name service
                        in the list.

If a line beginning with one of the lookup_types does not exist in the
/etc/nsswitch.conf file, the default Name Service Switch
configuration for that type of information is used. If the
/etc/nsswitch.conf file does not exist, the default configuration is
used for every type of information. The default Name Service Switch
configuration is described in "Default Configuration" on page 160.


Table 5-1 Types of Lookups Controlled by the Name Service Switch

Keyword     Type of Information Represented by Keyword

automount   NFS automounter maps stored in files like /etc/auto_master and
            /etc/auto_home or in NIS maps like auto.master and auto.home.

hosts       Host names and IP addresses stored in the /etc/hosts file or the
            NIS hosts.byaddr and hosts.byname maps.

netgroup    NFS netgroups stored in the /etc/netgroup file or the NIS
            netgroup, netgroup.byhost and netgroup.byuser maps.

networks    Network names and IP addresses stored in the /etc/networks file
            or the NIS networks.byaddr and networks.byname maps.

protocols   Networking protocol names and numbers stored in the
            /etc/protocols file or the NIS protocols.byname and
            protocols.bynumber maps.

rpc         RPC program names and numbers stored in the /etc/rpc file or the
            NIS rpc.byname and rpc.bynumber maps.

services    Mapping of networking services to port numbers and protocols,
            stored in the /etc/services file or the NIS services.byname and
            services.bynp maps.

Default Configuration

A default nsswitch.conf file is supplied in the /usr/newconfig/etc
directory. It contains the following lines:

hosts:      dns nis
protocols:  nis files
services:   nis files
networks:   nis files
netgroup:   nis files
rpc:        nis files

This is the default configuration. In other words, if you copy
/usr/newconfig/etc/nsswitch.conf to /etc/nsswitch.conf,
the Name Service Switch behaves the same way it would if no
/etc/nsswitch.conf file existed.

If your /etc/nsswitch.conf file contains a syntactically correct line
for a particular type of information, that line is used instead of the default.

If you specify a name service for a particular type of information, but you 
do not specify four status=action pairs after the name service, the 
following default status=action pairs are used for any statuses you did 
not specify: 

SUCCESS=return 

NOTFOUND=return 

UNAVAIL=continue 

TRYAGAIN=return 

So, for example, in the default configuration for protocols, NIS will be
consulted first, and if NIS is not configured (the query returns UNAVAIL),
the local /etc/protocols file will be consulted. If the query returns
anything other than UNAVAIL, the /etc/protocols file will not be
consulted.
Figure 5-1 illustrates the default behavior of the Name Service Switch for
host information lookups. 

Figure 5-1 Default Behavior of the Name Service Switch 
Troubleshooting the Name Service Switch

This section describes the following methods for troubleshooting your 
Name Service Switch configuration: 

• To Check the Syntax of the hosts Line 

• To Check the Current hosts Configuration 

• To Trace a Host Name Lookup

To Check the Syntax of the hosts Line 

To check the syntax of the hosts line in the /etc/nsswitch.conf file,
start nslookup with the swdebug option, as follows:

nslookup -swdebug

You will see the output of the parser as it reads the hosts line in your
nsswitch.conf file. If your hosts line is syntactically correct, you will
see the line _nsw_getconfig: PARSE SUCCESSFUL. If your hosts
line contains a syntax error, you will see the line _nsw_getconfig:
ERR- SYNTAX ERROR.

The following example checks the syntax of a hosts line that is missing 
a closing square bracket: 

# cat /etc/nsswitch.conf
hosts: dns [notfound=continue] nis [notfound=continue files
# nslookup -swdebug
_nsw[/etc/nsswitch.conf] l->hosts: dns [notfound=continue] nis [notfound=continue files
_nsw[/etc/nsswitch.conf]LS->L<hosts>L<:>L<dns>L<[>L<notfound>L<=>L<continue>L<]>L<nis>L<[>L<notfound>L<=>L<continue>L<files>^Missing =^
_nsw.error_recovery: ERR- Error Recovery Completed
_nsw_getconfig: ERR- SYNTAX ERROR
_nsw_getdefault: default hosts lookup policy
Default Name Server: hpindbu.cup.hp.com

The parser indicates the error with carets (^). In this case, the parser
reads the word files as another status following notfound=continue,
because it has not encountered a closing square bracket. If the word
files were a status, it would have to be followed by an equal sign, and it
is not. So the parser displays the message ^Missing =^.
NOTE

The parser checks only the position of the elements with respect to the
delimiters :, and ]. It does not check the spelling of all the elements.
For example, if you type dsn instead of dns, you receive the PARSE
SUCCESSFUL message. However, when you attempt a host name lookup,
dsn is not a known name service, so DNS is not queried, and the lookup
switches to the next configured source.


To Check the Current hosts Configuration 

To check the Name Service Switch configuration that your system is 
currently using for host information, start nslookup and issue the
policy command, as follows:

# nslookup
> policy

The output for the default configuration is as follows:

#Lookups = 3
dns [RRCR] nis [RRCR] files [RRRR]

The letters in square brackets stand for (R)eturn or (C)ontinue. They
represent the actions for the four status values, SUCCESS, NOTFOUND,
UNAVAIL, and TRYAGAIN, in that order. In the example, the status=action
pairs configured for dns and nis are

• SUCCESS=return 

• NOTFOUND=return 

• UNAVAIL=continue 

• TRYAGAIN=return 

For the following hosts line 

hosts: dns [NOTFOUND=continue] files 

the policy command displays the following:

#Lookups = 2
dns [RCCR] files [RRRR]

To stop the nslookup program, type exit.
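The following is an added example, not HP code: a small Python checker that parses a switch line using the syntax and default status=action pairs described above, renders the same bracketed letters as the policy command, and walks a lookup through the policy. It is stricter than the parser the page describes (it warns about misspelled name services such as dsn), and the function names and the forcing of [RRRR] on the last source (inferred from the sample output above) are assumptions of this example.

```python
import re

LOOKUP_TYPES = {"automount", "hosts", "netgroup", "networks",
                "protocols", "rpc", "services"}           # keywords from Table 5-1
SOURCES = {"files", "nis", "dns"}
STATUSES = ("SUCCESS", "NOTFOUND", "UNAVAIL", "TRYAGAIN")  # order used by `policy`
DEFAULTS = {"SUCCESS": "return", "NOTFOUND": "return",
            "UNAVAIL": "continue", "TRYAGAIN": "return"}
DELIMS = {"[", "]", "="}


class SwitchSyntaxError(ValueError):
    """Raised for lines the switch parser would reject as a syntax error."""


def parse_line(line):
    """Parse one nsswitch.conf line into (lookup_type, policy, warnings).

    policy is a list of (name_service, {status: action}) in lookup order.
    """
    lookup_type, colon, rest = line.partition(":")
    if not colon:
        raise SwitchSyntaxError("missing ':' after the lookup type")
    lookup_type = lookup_type.strip()
    tokens = re.findall(r"[\[\]=]|[^\s\[\]=]+", rest)
    warnings, policy, i = [], [], 0
    if lookup_type not in LOOKUP_TYPES:
        warnings.append(f"unknown lookup type {lookup_type!r}")
    while i < len(tokens):
        source = tokens[i]
        i += 1
        if source in DELIMS:
            raise SwitchSyntaxError(f"unexpected {source!r}, expected a name service")
        if source not in SOURCES:
            # Spelling is not checked by the real parser (the page's dsn example).
            warnings.append(f"unknown name service {source!r}")
        elif source == "dns" and lookup_type != "hosts":
            warnings.append("dns may be used only on the hosts line")
        actions = dict(DEFAULTS)
        if i < len(tokens) and tokens[i] == "[":
            i += 1
            while i < len(tokens) and tokens[i] != "]":
                status = tokens[i]
                if tokens[i + 1:i + 2] != ["="]:
                    raise SwitchSyntaxError(f"Missing = after {status!r}")
                action = tokens[i + 2].lower() if i + 2 < len(tokens) else ""
                if status.upper() not in STATUSES or action not in ("continue", "return"):
                    raise SwitchSyntaxError(f"bad pair {status}={action}")
                actions[status.upper()] = action
                i += 3
            if i >= len(tokens):
                raise SwitchSyntaxError("missing closing ']'")
            i += 1
        policy.append((source, actions))
    if not policy:
        raise SwitchSyntaxError("no name service listed")
    # Nothing follows the last source, so every status ends the lookup there;
    # this matches the [RRRR] the page's sample output shows for the last entry.
    policy[-1] = (policy[-1][0], dict.fromkeys(STATUSES, "return"))
    return lookup_type, policy, warnings


def policy_string(policy):
    """Render the policy the way the page's nslookup `policy` output does."""
    return " ".join(
        f"{src} [{''.join(acts[s][0].upper() for s in STATUSES)}]"
        for src, acts in policy)


def trace(policy, outcome):
    """Walk the policy. outcome maps name service -> status it would return
    (services missing from outcome count as UNAVAIL). Returns the list of
    (name_service, status) consulted, ending where the lookup stops."""
    visited = []
    for src, acts in policy:
        status = outcome.get(src, "UNAVAIL")
        visited.append((src, status))
        if acts[status] == "return":
            break
    return visited


if __name__ == "__main__":
    _, pol, _ = parse_line("hosts: dns [NOTFOUND=continue] files")
    print(policy_string(pol))
```

With no status=action pairs, a NOTFOUND answer from the first source ends the lookup, so a later files entry is never consulted; trace() makes that visible before the line is installed.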
To Trace a Host Name Lookup

To trace a host name lookup, start nslookup, set the swtrace option,
and perform a lookup, as follows:

# nslookup
> set swtrace
> hostname

For the nsswitch.conf file containing the hosts line

hosts: dns [NOTFOUND=continue] nis [NOTFOUND=continue] files

the following example tries all three name services before it finds an
answer:

# nslookup

> set swtrace

> romney

Name Server: hpindbu.cup.hp.com 
Address: 15.13.104.13 

lookup source is DNS 

Name Server: hpindbu.cup.hp.com 

Address: 15.13.104.13 

*** hpindbu.cup.hp.com can't find romney: Non-existent domain 

Switching to next source in the policy 
lookup source is NIS 
Default NIS Server: hpntc43c 
Address: 15.13.119.52 

Aliases: hpntc43c.cup.hp.com, hpntc43c-119, 3c-119 

*** No address information is available for "romney" 

Switching to next source in the policy 
lookup source is FILES 
Using /etc/hosts on: hpntc2k 

Name: romney 
Address: 15.13.104.128 


NOTE If you do not set swtrace, nslookup displays only the first name service
where it looks for a host, even if it finds the host in another name service.
The Remote Execution Facility (REX) allows you to execute commands
on a remote host. REX is similar to the remsh(1) command, except REX
simulates the user's home environment on the remote host and mounts
the user's current working directory on the remote host. REX consists of
the following:

• The on command, which is the user interface to REX and runs on the 
host where the user is logged in. The host where the on command is 
issued is known as the REX client. 

• The rexd daemon, which runs on the remote host. The host running 
the rexd daemon is known as the REX server. 

This chapter contains the following sections: 

• How REX Works 

• Configuring REX 
How REX Works

1. A user issues the on command, specifying a command to execute and
the name of a remote host on which to execute it.

The user must be logged in as a non-root user (a user with a non-zero
user ID) to use the on command. Also, an account with the user's local
user ID must exist on the remote host.

2. The on command passes the user's environment variables to the
remote host. If the command is interactive, the on command also
passes some of the user's tty settings to the remote host. Note that
the user's environment and tty settings on the remote system will
not be identical to those on the user's home system.

3. The rexd daemon running on the remote host NFS-mounts the user's 
current working directory on the remote host, if it is not already 
mounted there. 

By default, rexd mounts the user's current working directory under 
/var/spool/rexd/rexdAXXXX/current_directory, where AXXXX
is a letter followed by a four-digit number, and current_directory is 
the full pathname of the user's current working directory on the local 
system. 

4. The command that the user specified with the on command is 
executed on the remote host (the REX server). If the user did not 
specify a command to execute, a shell is started on the REX server. 

5. After the command has executed on the REX server, rexd unmounts 
the user's current working directory. If the directory is busy, rexd will 
not be able to unmount it. 

For more information on REX, type man 1M rexd or man 1 on at the
HP-UX prompt.
REX Example

In the following example, user tracy is logged into host sage. Her
current working directory is her home directory, /home/sage/tracy.
She issues the on command to run more on host thyme:

on -i thyme more /etc/exports

The -i option is required, because more is an interactive command.

tracy's home environment on host sage is transferred to host thyme.
tracy's current working directory (her home directory, in this example)
is mounted on host thyme.

Figure 6-1 REX Example (hosts sage and thyme)

The more command from the /usr/bin directory on host thyme 
executes, listing the /etc/exports file from host thyme. The output of 
the more command is directed to tracy's display on host sage. 


After tracy types q to quit the more program, her current working 
directory is unmounted from host thyme. 
Configuring REX

This section tells you how to set up REX clients and REX servers. It also 
explains how to configure added security for REX servers and how to 
configure logging for the rexd daemon. 

To Configure REX 

1. Make sure all the hosts to which users need access are listed in your
hosts database (BIND, NIS, or /etc/hosts).

2. Make sure users have accounts on all the hosts they need to use. 
Make sure the user ID for each user is the same on all hosts where 
that user has an account. 

If you are using NIS, and users do not need access to any hosts
outside your NIS domain, this step is not necessary. With NIS, user
accounts are administered centrally on the NIS master server, and all
hosts have access to the same user information. See "Configuring and
Administering NIS" on page 101 for instructions on setting up NIS.

3. Make sure all REX clients (hosts from which users will issue the on
command) are configured as NFS servers. See "Configuring and
Administering an NFS Server" on page 22.

4. Make sure users' home directories on all REX clients are exported to
REX servers (available to be mounted with NFS). See "To Make
Directories Available to NFS Clients (Export Directories)" on page
23.

5. Make sure all REX servers (hosts where the rexd daemon will run)
are configured as NFS clients. See "Configuring and Administering
an NFS Client" on page 33.

6. Use a text editor to uncomment the following line in the
/etc/inetd.conf file, which starts rexd:

rpc stream tcp nowait root /usr/sbin/rpc.rexd 100017 1 rpc.rexd 

7. Issue the following command to force inetd to reread its 
configuration file: 

/usr/sbin/inetd -c 
To Configure REX Security

1. On each REX server, add the -r option to the line in 
/etc/inetd.conf that starts the rexd daemon, as follows: 

rpc stream tcp nowait root /usr/sbin/rpc.rexd 100017 1 \ 
rpc.rexd -r 

2. Issue the following command to force inetd to reread 
/etc/inetd.conf: 

/usr/sbin/inetd -c 

3. Add lines to the /etc/hosts.equiv file on the REX server to allow
REX clients to use the server,

or

have each REX user add lines to a .rhosts file in the user's home
directory on the REX server to allow access from REX clients.

The -r option causes rexd to deny requests from a user on a REX client
unless the client is listed in /etc/hosts.equiv or the user's
$HOME/.rhosts file on the REX server.

A line in the /etc/hosts.equiv or $HOME/.rhosts file has the
following syntax:

hostname [username]

For example, if user paula has accounts on REX clients broccoli and
cabbage and on REX server cauliflower, she would create a .rhosts
file in her home directory on cauliflower with the following lines:

broccoli paula
cabbage paula

CAUTION The /etc/hosts.equiv and $HOME/.rhosts files create a significant
security risk. Make sure these files and users' home directories are
writable only by the owner.

For more information, see the man pages for rexd(1M) and
hosts.equiv(4).
To Configure Logging for the rexd Daemon

1. Use a text editor to add the -l log_file option to the line in
/etc/inetd.conf that starts rexd, as in the following example:

rpc stream tcp nowait root /usr/sbin/rpc.rexd 100017 1 \
rpc.rexd -l /var/adm/rexd.log

2. Issue the following command to force inetd to reread its
configuration file:

/usr/sbin/inetd -c

When logging is turned on, rexd logs any diagnostic, warning, and error
messages to log_file. If log_file exists, rexd appends messages to the file.
If log_file does not exist, rexd creates it. Messages are not logged if the
-l option is not specified.

Information logged to the file includes date and time of the error, host 
name, process ID and name of the function generating the error, and the 
error message. 

Different RPC services can share a single log file, because enough 
information is included to uniquely identify each error. 

Type man 1M rexd for explanations of the messages logged by the rexd
daemon.

Many of the errors logged by rexd are also returned to the user who
issued the on command. Type man 1 on for explanations of the
messages returned by the on command.
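The following is an added example, not HP code: a Python audit of the settings covered in "To Configure REX Security" and "To Configure Logging for the rexd Daemon". It reports an uncommented rexd entry in inetd.conf text that lacks -r or -l, and checks that a hosts.equiv or .rhosts file and the directory holding it are writable only by the owner. The function names, the rex_clients allow-list and the sample inetd.conf fragments are constructed for this example.

```python
import os
import stat

# Constructed sample inetd.conf fragments (not taken from a real host).
SAMPLE_WEAK = "rpc stream tcp nowait root /usr/sbin/rpc.rexd 100017 1 rpc.rexd\n"
SAMPLE_HARDENED = ("rpc stream tcp nowait root /usr/sbin/rpc.rexd 100017 1 \\\n"
                   "    rpc.rexd -r -l /var/adm/rexd.log\n")


def rexd_entries(inetd_conf_text):
    """Return [(active, options)] for every inetd.conf entry that starts rpc.rexd.

    Lines ending in a backslash are joined with the next line first.
    """
    logical, pending = [], ""
    for raw in inetd_conf_text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):
            pending = line[:-1] + " "
            continue
        pending = ""
        logical.append(line)
    entries = []
    for line in logical:
        fields = line.lstrip("# \t").split()
        if fields[:1] == ["rpc"] and "rpc.rexd" in fields:
            options = fields[fields.index("rpc.rexd") + 1:]
            entries.append((not line.startswith("#"), options))
    return entries


def audit_rexd(inetd_conf_text):
    """List findings for each uncommented rexd entry."""
    findings = []
    for active, options in rexd_entries(inetd_conf_text):
        if not active:
            continue
        if "-r" not in options:
            findings.append("rexd enabled without -r: requests are not checked "
                            "against hosts.equiv or .rhosts")
        if "-l" not in options or options[-1] == "-l":
            findings.append("rexd enabled without -l log_file: messages are not logged")
    return findings


def audit_trust_file(path, owner_uid, rex_clients):
    """Check one hosts.equiv or .rhosts file and the directory that holds it.

    rex_clients is the set of host names expected to appear (an assumption of
    this example). Returns (entries, findings).
    """
    entries, findings = [], []
    for target in (path, os.path.dirname(os.path.abspath(path))):
        st = os.lstat(target)
        if st.st_uid != owner_uid:
            findings.append(f"{target}: owned by uid {st.st_uid}, expected {owner_uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"{target}: writable by group or others "
                            f"(mode {stat.S_IMODE(st.st_mode):04o})")
    if not stat.S_ISREG(os.lstat(path).st_mode):
        findings.append(f"{path}: not a regular file")
        return entries, findings
    with open(path) as handle:
        for number, line in enumerate(handle, 1):
            fields = line.split()
            if not fields:
                continue
            if len(fields) > 2:
                findings.append(f"{path}:{number}: not in 'hostname [username]' form")
                continue
            host, user = fields[0], (fields[1] if len(fields) == 2 else None)
            entries.append((host, user))
            if host not in rex_clients:
                findings.append(f"{path}:{number}: trusts {host}, not a listed REX client")
    return entries, findings


if __name__ == "__main__":
    for finding in audit_rexd(SAMPLE_WEAK):
        print(finding)
```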
Troubleshooting NFS Services


This chapter describes tools and procedures for troubleshooting the NFS
Services. It contains the following sections:

• Common Problems with NFS 

• Common Problems with NIS 

• Performance Tuning 

• Logging and Tracing of NFS Services 

• Normal System Startup 
Common Problems with NFS

This section lists the following common problems encountered with NFS
and suggests ways to correct them.

• If You Receive an NFS "Server Not Responding" Message, see
page 176.

• If You Receive an "Access Denied" Message, see page 179.

• If You Receive a "Permission Denied" Message, see page 180.

• If You Receive an "Unknown Host" or "Not In Hosts Database"
Message, see page 182.

• If You Receive a "Device Busy" Message, see page 183.

• If You Receive a "Stale File Handle" Message, see page 184.

• If a Program Hangs, see page 186.

• If Data is Lost Between the Client and the Server, see page 188.

• If You Cannot Start New Processes, see page 190.

• If You Receive a "Too Many Levels of Remote in Path" Message, see
page 191.
If You Receive an NFS "Server Not Responding" Message

□ Issue the /usr/sbin/ping(1M) command on the NFS client to make
sure the NFS server is up and is reachable on the network. If the
ping command fails, either the server is down, or the network has a
problem. If the server is down, reboot it, or wait for it to come back up.
For information on troubleshooting network problems, see Installing
and Administering LAN/9000 Software.

□ Issue the following command on the NFS client to make sure the
server is running all the NFS server processes:

/usr/bin/rpcinfo -p servername

The rpcinfo command should display the following processes:

• portmap 

• nfs

• mountd 

• status 

• nlockmgr 

• llockmgr 

If any of these processes is not running, follow these steps: 

1. Make sure the /etc/rc.config.d/nfsconf file on the NFS
server contains the following lines:

NFS_SERVER=1
START_MOUNTD=1

2. Make sure that the /etc/inetd.conf file on the NFS server
does not contain a line to start rpc.mountd. If it does, make sure
the START_MOUNTD variable in /etc/rc.config.d/nfsconf is
set to 0.

3. Issue the following command on the NFS server to start all the
necessary NFS processes:

/sbin/init.d/nfs.server start

□ Issue the following command on the NFS client to make sure the
rpc.mountd process on the NFS server is available and responding
to RPC requests:

/usr/bin/rpcinfo -u servername mountd

If the rpcinfo command returns rpc_timed_out, the rpc.mountd
process may be hung. Issue the following commands on the NFS
server to restart rpc.mountd (PID is the process ID returned by the
ps command):

/usr/bin/ps -ef | /usr/bin/grep mountd 
/usr/bin/kill PID 
/usr/sbin/rpc.mountd 

□ You can receive "server not responding" messages when the server or
network is heavily loaded and the RPC requests are timing out. Try
doubling the timeo mount option for the directory, as in the following
example from the /etc/fstab file, which changes the timeo value
from 7 (the default) to 14. (The timeo option is in tenths of a second.)

cabbage:/usr /usr nfs nosuid,timeo=14 0 0 

□ Issue the following command on the NFS client to check that your 
hosts database returns the correct address for the NFS server: 

/usr/bin/nslookup server_name

If your client cannot resolve the server's hostname, see "If You
Receive an "Unknown Host" or "Not In Hosts Database" Message" on
page 182.

Issue the same nslookup command on the NFS server, and compare
the address with the one returned by the nslookup command on the
NFS client. If they are different, correct your NIS, BIND, or
/etc/hosts configuration. For information on NIS troubleshooting,
see "Common Problems with NIS" on page 192. For information on
BIND or /etc/hosts, see Installing and Administering Internet
Services.

□ If you are using AutoFS, issue the ps -ef command to make sure the
automountd process is running on your NFS client. If it is not, follow
these steps:

1. Make sure the AUTOMOUNT variable is set to 1 in the
/etc/rc.config.d/nfsconf file on the NFS client.

AUTOMOUNT=1

2. Issue the following command on the NFS client to start the
automounter:

/sbin/init.d/nfs.client start
□ If the "server not responding" message was followed by
RPC_AUTH_ERROR; why=AUTH_BOGUS_CREDENTIAL, this could
mean that you (or the user who received the message) are a member
of too many groups. On HP-UX release 9.0 or later, you can be a
member of up to 16 groups. On HP-UX releases prior to 9.0, you can
be a member of up to 8 groups.
If You Receive an "Access Denied" Message

□ Issue the following command on the NFS client to check that the NFS
server is exporting the directory you want to mount:

/usr/sbin/showmount -e server_name

If the server is not exporting the directory, edit the /etc/exports
file on the server so that it allows your NFS client access to the
directory. Then, issue the following command to force the server to
read its /etc/exports file.

/usr/sbin/exportfs -a

If the directory is exported with the access option, make sure your
NFS client is included in the access list, either individually or as a
member of a netgroup.

□ If your NFS client is included in the access list as a member of a
netgroup, make sure it is a member of the netgroup in the server's
/etc/netgroup file.

If you are using NIS to manage your netgroups, issue the following
command to determine whether your NIS server has up-to-date
information about the netgroup that includes your client:

/usr/bin/ypmatch netgroup_name netgroup

If your NIS server does not return the correct information, see
"Common Problems with NIS" on page 192.

□ Issue the following commands on the NFS server to make sure your
NFS client is listed in its hosts database:

nslookup client_name
nslookup client_IP_address

If the server cannot resolve your client's hostname, see "If You
Receive an "Unknown Host" or "Not In Hosts Database" Message" on
page 182.

□ If rpc.mountd is configured in /etc/inetd.conf on the NFS
server, check the server's /var/adm/inetd.sec file to make sure
your NFS client is allowed access to rpc.mountd.
If You Receive a "Permission Denied" Message

□ Check the mount options in the /etc/fstab file on the NFS client. A
directory you are attempting to write to may have been mounted
read-only.

□ Issue the ls -l command to check the HP-UX permissions on the
server directory and on the client directory that is the mount point.
You may not be allowed access to the directory.

□ Issue the following command on the NFS server:

/usr/sbin/exportfs

Or, issue the following command on the NFS client:

/usr/sbin/showmount -e server_name

Check the export permissions on the exported directory. The directory
may have been exported read-only to your client. The system
administrator of the NFS server can use the remount mount option
to mount the directory read/write without unmounting it. See "To
Change the Default Mount Options" on page 40.

If you are logged in as root to the NFS client, check the export
permissions to determine whether root access to the directory is
granted to your NFS client.

□ If you are logged in as root to the NFS client, and your client is not
allowed root access to the exported directory, check the passwd
database on the NFS server to determine whether it contains an
entry for user nobody. Without root access, the root user on an NFS
client is given the access permissions of user nobody. Also, check
whether anonymous users are denied access to the directory (with the
anon=65535 export option).

If your client is not allowed root access or anonymous user ID access
to the exported directory, log in as a non-root user to get access to the
directory.

□ If you are not running NIS, or if the server is in a different domain
from the client, check the passwd databases on the server and the
client to make sure you have a valid login on both machines and that
your user ID is the same on both machines. If your user ID is
unrecognized on the NFS server, you will be granted the permissions
of user nobody.

□ If you were attempting to run a program when you received the
"permission denied" message, issue the ls -l command on the NFS
server to check whether the program you tried to run has the setuid
bit set. If it does, check /etc/fstab to determine whether the
directory was mounted with the nosuid mount option. If necessary,
remove the nosuid option from the /etc/fstab file, then unmount
and remount the directory.
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If You Receive an 'Unknown Host" or "Not In 
Hosts Database" Message 

□ Issue the following commands to trace a lookup of the unknown host: 

nslookup 

> set swtrace 

> hcstname 

The trace will indicate which name services (BIND, Nl S, or 
/etc/hosts) were queried and in what order. If your host is not 
performing lookups the way you want, see "Configuring the Name 
Service Switch"on page 153 for instructions on configuring the Name 
Service Switch. 

Type exit to exit from nslookup. 

□ If your host is using the /etc/hosts file to resolve hostnames, edit 
the file to add or correct the entry for the unknown host. Type man 4 
hosts for the correct syntax. 

□ If your host is using NIS to resolve hostnames, see "Common
Problems with NIS" on page 192.

□ If your host is using BIND (DNS) to resolve hostnames, see Installing
and Administering Internet Services for instructions on
troubleshooting BIND.

If You Receive a "Device Busy" Message

□ If you received the "device busy" message while attempting to mount
a directory, try to access the mounted directory. If you can access it,
then it is already mounted.

□ If you received the "device busy" message while attempting to
unmount a directory, a user or process is currently using the
directory. Wait until the process completes, or follow these steps:

1. Issue the following command to determine who is using the
mounted directory:

/usr/sbin/fuser -cu local_mount_point

The fuser(1M) command will return a list of process IDs and user
names that are currently using the directory mounted under
local_mount_point. This will help you decide whether to kill the
processes or wait for them to complete.

2. To kill all processes using the mounted directory, issue the 
following command: 

/usr/sbin/fuser -ck local_mount_point 

3. Try again to unmount the directory. 

If You Receive a "Stale File Handle" Message

A "stale file handle" occurs when one client removes an NFS-mounted file
or directory that another client has open, as in the following sequence of
events:

     NFS client 1              NFS client 2

1    % cd /proj1/source
2                              % cd /proj1
3                              % rm -Rf source
4    % ls
     Stale File Handle


If a server stops exporting a directory that a client has mounted, the 
client will receive a stale file handle error. Stale file handles also occur if 
you restore the NFS server's file systems from a backup or randomize the 
inode numbers with fsirand(1M).

□ If the stale file handle occurred because someone removed a file or 
directory that was in use, or because a server stopped exporting a 
directory that was in use, follow these steps: 

1. Issue the /usr/bin/cd command to move out of the
NFS-mounted directory that is causing the problem, then try
unmounting the directory:

/usr/bin/cd .. 

/usr/sbin/umount directory 

2. If the directory cannot be unmounted because it is busy (in use), 
issue the following commands to kill the processes using the 
directory and to try again to unmount it: 

/usr/sbin/fuser -ck local_mount_point
/usr/sbin/umount local_mount_point

3. If the directory still cannot be unmounted, reboot the client. 

4. To avoid stale file handles caused by users deleting NFS-mounted 
files, try using a source code control system, like Revision Control 
System (RCS). A source code control system allows only one user 
at a time to modify a file or directory, so one user cannot remove
files another user is accessing. Type man 5 rcsintro for more 
information. 

□ If someone has restored the server's file systems from backup or
issued the fsirand command on the server, follow these steps on
each of the NFS clients to prevent stale file handles by restarting
NFS:

1. Issue the mount(1M) command with no options, to get a list of all
the mounted filesystems on the client:

/usr/sbin/mount

2. For every NFS-mounted directory listed by the mount command,
issue the following command to determine whether the directory
is currently in use:

/usr/sbin/fuser -cu local_mount_point

This command lists the process IDs and user names of everyone
using the mounted directory.

3. Warn any users to cd out of the directory, and kill any processes
that are using the directory, or wait until the processes terminate.
You can use the following command to kill all processes using the
directory:

/usr/sbin/fuser -ck local_mount_point

4. Issue the following command on the client to unmount all
NFS-mounted directories:

/usr/sbin/umount -at nfs

5. Issue the following commands to restart the NFS client:

/sbin/init.d/nfs.client stop 
/sbin/init.d/nfs.client start 

If a Program Hangs

□ Check whether the NFS server is up and operating correctly. See "If 
You Receive an NFS "Server Not Responding" Message" on page 176. 

If the server is down, wait until it comes back up, or, if the directory 
was mounted with the intr mount option (the default), you can 
interrupt the NFS mount, usually with ctrl-c. 

□ If the program uses file locking, issue the following commands (on
either the client or the server) to make sure rpc.statd and
rpc.lockd are available and responding to RPC requests:

/usr/bin/rpcinfo -u servername status
/usr/bin/rpcinfo -u servername llockmgr
/usr/bin/rpcinfo -u servername nlockmgr
/usr/bin/rpcinfo -u clientname status
/usr/bin/rpcinfo -u clientname llockmgr
/usr/bin/rpcinfo -u clientname nlockmgr

If any of these commands returns RPC_TIMED_OUT, the rpc.statd
or rpc.lockd process may be hung. Follow these steps to restart
rpc.statd and rpc.lockd:

1. Issue the following commands, on both the NFS client and the
NFS server, to kill rpc.statd and rpc.lockd (PID is a process
ID returned by the ps command):

/usr/bin/ps -ef | /usr/bin/grep rpc.statd
/usr/bin/kill PID

/usr/bin/ps -ef | /usr/bin/grep rpc.lockd
/usr/bin/kill PID

2. Issue the following commands, on both the client and the server, to
remove the contents of the sm and sm.bak directories:

/usr/bin/rm -r /etc/sm
/usr/bin/rm -r /etc/sm.bak

3. Issue the following commands to restart rpc.statd and
rpc.lockd on both the client and the server:

/usr/sbin/rpc.statd
/usr/sbin/rpc.lockd

NOTE Always start rpc.statd before starting rpc.lockd.

4. Issue the following commands to verify that rpc.statd,
rpc.lockd, and nfsd are all running and responding to RPC
requests:

/usr/bin/rpcinfo -u servername status
/usr/bin/rpcinfo -u servername llockmgr
/usr/bin/rpcinfo -u servername nlockmgr
/usr/bin/rpcinfo -u servername nfs
/usr/bin/rpcinfo -u clientname status
/usr/bin/rpcinfo -u clientname llockmgr
/usr/bin/rpcinfo -u clientname nlockmgr
/usr/bin/rpcinfo -u clientname nfs

5. Wait two minutes before retrying the mount that caused the
program to hang.

6. If the problem persists, restart rpc.statd and rpc.lockd, and
turn on tracing. See "To Start and Stop Detailed Logging of
rpc.statd and rpc.lockd" on page 210 and "To Start and Stop Basic
Logging of rpc.statd and rpc.lockd" on page 211.

If Data is Lost Between the Client and the
Server

□ Make sure the directory is exported from the server with the 
noasync option (the default). If the directory is exported with the 
async option, the NFS server will acknowledge NFS writes before 
actually writing data to disk. Changing an exported directory from 
async to noasync degrades write performance for that directory. 

□ If users or applications will be writing to the NFS-mounted directory, 
make sure it is mounted with the hard option (the default), rather 
than the soft option. 

□ If you have a small number of NFS applications that require absolute
data integrity, add the O_SYNC flag to the open() calls in your
applications. When you open a file with the O_SYNC flag, a write()
call will not return until the write request has been sent to the NFS
server and acknowledged. The O_SYNC flag degrades write
performance for applications that use it.

□ If you have a large number of NFS applications requiring absolute
data integrity, or if your entire installation needs a high degree of
data integrity, set the NUM_NFSIOD variable to 0 in the
/etc/rc.config.d/nfsconf file on each client, as follows,

NUM_NFSIOD=0

and issue the following commands to kill all the biod processes (PID
is a process ID returned by the ps command):

/usr/bin/ps -ef | /usr/bin/grep biod
/usr/bin/kill PID PID ...

The biod daemons improve performance by handling NFS read and 
write requests from users and applications. After a write request is 
passed to a biod daemon, control is returned to the user or 
application. Running a client without biod daemons degrades NFS 
performance for all users and applications on that client. 

□ If multiple NFS users will be writing to the same file, add the
lockf() call to your applications to lock the file so that only one user
may modify it at a time.

If multiple users on different NFS clients will be writing to the file, 
you must also turn off attribute caching on those clients by mounting 
the file with the noac mount option. Turning off attribute caching 
degrades NFS performance. 

For more information, see the following man pages: mount(1M), open(2),
write(2), lockf(2), and biod(1M).

If You Cannot Start New Processes

□ Issue the following command to check your server's memory
utilization:

netstat -m 

If the number of requests for memory denied is high, your 
server does not have enough memory. Consider adding more memory 
or using a different host as the NFS server. 

□ Issue the ps -ef command on the NFS server, and check for many
instances of the same application. Sometimes an application clones
itself indefinitely until it uses up all the available inodes on a system.

□ The default maximum number of inodes shipped with HP-UX tends
to be too small for sites that make extensive use of NFS. Follow this 
procedure to increase the maximum number of inodes on your NFS 
server: 

1. Log in as root to the NFS server. 

2. Type /usr/sbin/sam to start SAM (System Administration 
Manager). 

3. Open Kernel Configuration. 

4. Open Configurable Parameters. 

5. Highlight the line that begins with ninode, and choose Modify 
Configurable Parameter from the Actions menu. 

6. Increase the value in the Formula/Value field, either by
changing the constant multiplier in the formula or replacing the
formula with a value. If your ninode value is currently set to the
default (606), try changing it to 2048.

7. Use SAM to regenerate the kernel and reboot the system.

For more information on using SAM, choose SAM's Help button, or press
the F1 key for context-sensitive help.

If You Receive a "Too Many Levels of Remote
in Path" Message

This message indicates that you are attempting to mount a directory
from a server that has NFS-mounted the directory from another server.
You cannot "chain" your NFS mounts this way. You must mount the 
directory from the server that has it mounted on a local disk. 

Common Problems with NIS

This section lists the following common problems encountered with NIS 
and suggests ways to correct them. 

• If You Receive an NIS "Server Not Responding" Message, see
page 193.

• If a User Cannot Log In, see page 194.

• If You Receive an "Unknown Host" Message, see page 196.

• If an NIS Client Cannot Bind to a Server, see page 198.

• If NIS Returns Incorrect Information, see page 199.

If You Receive an NIS "Server Not
Responding" Message

□ Issue the /usr/sbin/ping(1M) command on the NIS client to make
sure the NIS server is up and is reachable on the network. If the ping
command fails, either the server is down, or the network has a
problem. If the server is down, reboot it, or wait for it to come back up.
For information on troubleshooting network problems, see Installing
and Administering LAN/9000 Software.

To boot your NIS client without waiting for the server to come up,
boot the client in single user mode, set NIS_CLIENT=0 in the
/etc/rc.config.d/namesvrs file, then boot your client the rest of
the way up.

□ Issue the domainname command (with no arguments) on both the
NIS server and the NIS client to check whether their domain names
are the same. If they are different, log in as root to the NIS client and
issue the following command to change its domain name:

domainname domainname

□ Issue the ps -ef command on the NIS server to check whether
ypserv is running. If it is not, follow these steps:

1. In the /etc/rc.config.d/namesvrs file on the NIS server,
make sure the following variables are set:

NIS_MASTER_SERVER=1

2. Issue the following command to start up the NIS server:

/sbin/init.d/nis.server start

□ Make sure an NIS server exists on the same subnet as the NIS client.
The client broadcasts its bind request, and it binds to the first server
that responds to the request. Broadcasts do not cross gateways or
routers, so the server must be on the same subnet as the client in
order to receive the bind request. If you cannot configure an NIS
server on the same subnet as your NIS clients, see "To Bind an NIS
Client to a Server on a Different Subnet" on page 144.

If a User Cannot Log In

□ If the user has recently changed passwords, ask the user to try
logging in with the old password. If the user can log in using the old
password, follow these steps:

1. Issue the ps -ef command on the NIS master server to make
sure the yppasswdd daemon is running. If it is not, issue the
following command to start all the NIS server processes:

/sbin/init.d/nis.server start

2. Check the cron scripts on the slave servers to make sure transfers
of the passwd map from the master server are frequent enough.
Once per hour is usually frequent enough, but frequent map
transfers may cause too much network traffic. You might want to
schedule map transfers for late at night, and advise users to make
their password changes just before they go home.

□ Issue the following command on the NIS client to determine which
master server supplies the passwd map to the client:

/usr/bin/ypwhich -m passwd

If the server does not respond, see "If You Receive an NIS "Server Not
Responding" Message" on page 193.

If the ypwhich command returns the name of the NIS master server,
log in as root to the master server and make sure the user has an
entry in its /etc/passwd file. Then, issue the following commands
on the master server to generate the NIS passwd database from the
/etc/passwd file and push it to the NIS slave servers:

cd /var/yp 

/usr/ccs/bin/make passwd 

□ Issue the domainname command (with no arguments) to make sure
the client's default domain is the domain served by the NIS master
server. If it is not, log in as root to the NIS client, and issue the
following command to change its domain name:

domainname domainname

□ Issue the following command to check whether the NIS client has an
entry in the passwd database on the NIS server to which it is bound:

/usr/bin/ypmatch username passwd

If the client has no entry in the passwd database, issue the following
command on the NIS server to which the client is bound:

/usr/sbin/ypxfr passwd

This command transfers the passwd database from the NIS master
server to the server where you issue the command.

□ If the user's NIS client is bound to a slave server, make sure the slave
server is listed in the NIS master server's ypservers database.
Follow these steps:

1. Issue the following command on the NIS client to determine which
server the client is bound to:

/usr/bin/ypwhich

2. Log in to the NIS master server, and issue the following command:

cd /var/yp/domainname

3. Issue the following command on the NIS master server to write
the contents of the ypservers database to a temporary file:

/usr/sbin/makedbm -u ypservers > tempfile

4. If the NIS slave server is not listed in tempfile, use a text editor
to add it, and then issue the following command to rebuild the
ypservers database:

/usr/sbin/makedbm tempfile ypservers

□ Make sure the NIS escape entry in the /etc/passwd file on the
client does not have an asterisk in the password field. On HP systems,
the NIS escape entry in the /etc/passwd file should be

+::-2:60001:::

If You Receive an "Unknown Host" Message

□ Issue the following commands to trace a lookup of the unknown host: 

nslookup 

> set swtrace 

> hostname 

The trace will indicate which name services (BIND, NIS, or
/etc/hosts) were queried and in what order. If your host is not
performing lookups the way you want, see "Configuring the Name
Service Switch" on page 153 for instructions on configuring the Name
Service Switch. 

Type exit to exit from nslookup. 

□ Issue the following command on the NIS client to determine which 
master server supplies the hosts map: 

/usr/bin/ypwhich -m hosts 

If the server does not respond, see "If You Receive an NIS "Server Not
Responding" Message" on page 193.

If the ypwhich command returns the name of the NIS master server,
log in as root to the master server and make sure the unknown host is
listed in its /etc/hosts file. Then, issue the following commands on
the master server to generate the NIS hosts database from the
/etc/hosts file and push it to the NIS slave servers:

cd /var/yp 

/usr/ccs/bin/make hosts 

□ Issue the domainname command (with no arguments) to make sure
the client's default domain is the domain served by the NIS master
server. If it is not, log in as root to the NIS client and issue the
following command to change its domain name:

domainname domainname

□ Issue the following command to check whether the unknown host is
listed in the hosts database on the NIS server to which the client is
bound:

/usr/bin/ypmatch hostname hosts

If the host is not listed in the hosts database, issue the following
command on the NIS server to which the client is bound:

/usr/sbin/ypxfr hosts

This command transfers the hosts database from the NIS master
server to the server where you issue the command.

□ If the NIS client is bound to a slave server, make sure the slave server
is listed in the NIS master server's ypservers database. Follow
these steps:

1. Issue the following command on the NIS client to determine which
server the client is bound to:

/usr/bin/ypwhich

2. Log in as root to the NIS master server and issue the following
command to change to the directory where the domain databases
reside:

cd /var/yp/domainname

3. On the NIS master server, issue the following command to write
the contents of the ypservers database to a temporary file:

/usr/sbin/makedbm -u ypservers > tempfile

4. If the NIS slave server is not listed in tempfile, use a text editor
to add it, and then issue the following command to rebuild the
ypservers database:

/usr/sbin/makedbm tempfile ypservers

If an NIS Client Cannot Bind to a Server

If NIS commands return any of the following messages,

ypcat: can't bind to an NIS server for domain domainname 

ypmatch: can't match key. 

reason: can't communicate with ypbind 

ypwhich: clntudp_create error RPC_PROG_NOT_REGISTERED 

then ypbind is not running on the client. Issue the following command 
to start all the NIS client processes: 

/sbin/init.d/nis.client start 

If NIS Returns Incorrect Information

□ Issue the following command on the NIS client to determine which
master server supplies the appropriate NIS map:

/usr/bin/ypwhich -m mapname

If the server does not respond, see "If You Receive an NIS "Server Not
Responding" Message" on page 193.

□ Log in as root to the NIS master server, and issue the following
command to check the contents of the appropriate NIS map:

/usr/bin/ypcat -k mapname

If the map contents are not correct, edit the ASCII file from which the
map is generated. Then issue the following commands to regenerate
the map and push it to the slave servers:

cd /var/yp

/usr/ccs/bin/make mapname

□ Issue the domainname command (with no arguments) to make sure
the client's default domain is the domain served by the NIS master
server. If it is not, log in as root to the NIS client, and issue the
following command to change its domain name:

domainname domainname

□ Issue the following command on the NIS client to check the contents
of the map on the NIS server to which the client is bound:

/usr/bin/ypcat -k mapname

If the contents are not correct, log in as root to the server that serves
the NIS client, and issue the following command:

/usr/sbin/ypxfr mapname

This command transfers the map from the NIS master server to the 
server where you issue the command. 

□ If the NIS client is bound to a slave server, make sure the slave server
is listed in the NIS master server's ypservers database. Follow
these steps:

1. Issue the following command on the NIS client to determine which
server the client is bound to:

/usr/bin/ypwhich

2. Log in as root to the NIS master server and issue the following
command to change to the directory where the domain databases
reside:

cd /var/yp/domainname

3. On the NIS master server, issue the following command to write
the contents of the ypservers database to a temporary file:

/usr/sbin/makedbm -u ypservers > tempfile

4. If the NIS slave server is not listed in tempfile, use a text editor
to add it, and then issue the following command to rebuild the
ypservers database:

/usr/sbin/makedbm tempfile ypservers 

□ Make sure the slave servers have cron scripts that schedule regular 
updates of the map. 

Performance Tuning

This section gives suggestions for identifying performance problems in
your network and improving NFS performance on your servers and
clients. It contains the following sections:

• To Diagnose NFS Performance Problems, see page 202.

• To Improve NFS Server Performance, see page 203.

• To Adjust the Number of nfsd Processes, see page 205.

• To Improve NFS Client Performance, see page 206.

To Diagnose NFS Performance Problems

1. Issue the following command on several of your NFS clients:

nfsstat -rc

2. If the timeout and retrans values displayed by nfsstat -rc are
high, but the badxid value is close to zero, packets are being dropped
before they get to the NFS server.

Try decreasing the values of the wsize and rsize mount options to
4096 or 2048 on the NFS clients. See "To Change the Default Mount
Options" on page 40.

See Installing and Administering LAN/9000 Software for
information on troubleshooting LAN problems.

3. If the timeout and badxid values displayed by nfsstat -rc are of
the same magnitude, your server is probably slow. Client RPC
requests are timing out and being retransmitted before the NFS
server has a chance to respond to them.

See "To Improve NFS Server Performance" on page 203.

Try doubling the value of the timeo mount option on the NFS clients.
See "To Change the Default Mount Options" on page 40.

4. Issue the following command on any machine on the network:

netstat -i

The number of collisions (coll) divided by the number of output
packets (opkts) is the collision rate. If your collision rate is greater
than 10%, consider dividing your network into smaller segments and
putting an NFS server on each segment. See Installing and
Administering LAN/9000 Software for information on dividing your
network.
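
The decision rules in steps 2 through 4 can be applied mechanically to captured output. The following script is an added example, not part of the HP manual; the function names, the sample output, and the numeric cut-offs for "high" and "close to zero" are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: apply the rules from steps 2-4 to captured command output.
# Assumptions (not in the manual): "high" means timeouts above HIGH_PCT percent
# of calls, and "close to zero" means badxid below one tenth of timeouts.
HIGH_PCT=5

# Reads `nfsstat -rc` text on stdin and prints one verdict word.
classify_client_rpc() {
    awk -v high="$HIGH_PCT" '
        # Locate the counter header, then map each column name to its position.
        /calls/ && /badxid/ && /timeout/ {
            for (i = 1; i <= NF; i++) col[$i] = i
            if ((getline) > 0) {
                calls   = $(col["calls"]) + 0
                retrans = $(col["retrans"]) + 0
                badxid  = $(col["badxid"]) + 0
                timeout = $(col["timeout"]) + 0
            }
            exit
        }
        END {
            if (calls == 0) { print "no-data"; exit }
            if (timeout * 100 <= calls * high) { print "ok"; exit }
            # Step 3: timeouts and badxid of the same magnitude.
            if (badxid * 10 >= timeout) print "slow-server"
            # Step 2: timeouts and retransmissions high, badxid near zero.
            else if (retrans * 100 > calls * high) print "packets-dropped"
            else print "inconclusive"
        }'
}

# Reads `netstat -i` text on stdin; prints "name percent" for every interface
# whose collisions / output packets ratio is above 10% (step 4).
high_collision_interfaces() {
    awk '
        NR == 1 { for (i = 1; i <= NF; i++) col[tolower($i)] = i; next }
        ("opkts" in col) && ("coll" in col) {
            opkts = $(col["opkts"]) + 0; coll = $(col["coll"]) + 0
            if (opkts > 0 && coll * 100 > opkts * 10)
                printf "%s %d\n", $1, coll * 100 / opkts
        }'
}

# Constructed sample output (not captured from a real host).
SAMPLE_NFSSTAT='Client rpc:
calls      badcalls   retrans    badxid     timeout    wait       newcred
12443      41         900        3          950        0          0'

SAMPLE_NETSTAT='Name  Mtu   Network     Address   Ipkts  Ierrs  Opkts  Oerrs  Coll
lan0  1500  192.0.2     client1   48210  0      23450  0      130
lan1  1500  198.51.100  client1b  9100   2      1000   0      150'

printf '%s\n' "$SAMPLE_NFSSTAT" | classify_client_rpc
printf '%s\n' "$SAMPLE_NETSTAT" | high_collision_interfaces
```

On a live client, pipe the real commands into the functions instead of the samples, for example nfsstat -rc | classify_client_rpc.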

To Improve NFS Server Performance

□ Issue the following command to check your server's memory
utilization:

netstat -m

If the number of requests for memory denied is high, your
server does not have enough memory, and NFS clients will experience
poor performance. Consider adding more memory or using a different
host as the NFS server.

□ Put heavily used directories on different disks on your NFS servers so
they can be accessed in parallel.

□ Make sure your server is running the correct number of nfsd
processes. See "To Adjust the Number of nfsd Processes" on page 205.

□ Issue the following command on the NFS server:

vmstat -n

If the us and sy values under cpu are high, and the id (idle time)
value under cpu is close to zero, your server's CPU is heavily loaded.
Try using a faster machine as your NFS server. Do not use a gateway
or a terminal server as an NFS or NIS server.

□ Issue the following command to determine which processes are using
the most CPU:

/usr/bin/top

The top program sorts the processes running on your system, with
the most CPU-intensive process at the top of the display. It refreshes
the display every five seconds. Try taking some CPU-intensive
processes off the server.

Type q to exit the top program.

□ Log into the NFS server and issue the following command:

nfsstat -s

If the number of readlink calls is of the same magnitude as the
number of lookup calls, you have a symbolic link in a filesystem that
is frequently traversed by NFS clients.

On the NFS clients that require access to the linked directory, mount
the target of the link. Then, remove the link from the exported
directory on the server.

When a client requests access to a linked file or directory, two
requests are sent to the server: one to look up the path to the link,
and another to look up the target of the link. You can improve NFS
performance by removing symbolic links from exported directories.

CAUTION Do not remove symbolic links in an NFS diskless environment. File
sharing in NFS diskless is done by means of symbolic links.

□ If the value of getattr displayed by nfsstat -s is greater than
60%, one or more clients have either turned off attribute caching
(with the noac mount option) or set the caching timeout values too
low.

Increase the attribute caching timeouts on the clients that have them
set below the default values. See "To Change the Default Mount
Options" on page 40.

□ Export directories with the async option. When async is specified, 
the server acknowledges write requests from clients before writing 
data to disk. Clients do not have to wait for a write request to 
complete before issuing another request. 

To Adjust the Number of nfsd Processes

1. Issue the following command on the NFS server:

netstat -s

If the UDP statistics displayed by the netstat command indicate a
large number of socket overflows, as in the following example, then
your server is not running enough nfsd daemons.

udp: 

0 incomplete headers 
0 bad data length fields 
0 bad checksums 
1375 socket overflows 

2. To increase the number of nfsd daemons running, change the value
of the NUM_NFSD variable in the /etc/rc.config.d/nfsconf file,
as in the following example:

NUM_NFSD=8

3. Issue the following command to start more nfsd processes:

/usr/sbin/nfsd number

4. Issue the netstat -s command again to check the number of socket
overflows. Continue to adjust the NUM_NFSD value and start nfsd
processes until the number of new socket overflows is close to zero.
(The output of nfsstat is cumulative, so when there are no new
socket overflows, the number will stay the same.)

As a general rule, an NFS server should run approximately two nfsd
daemons for each entry in the /etc/exports file.

For more information, type man 1M nfsd at the HP-UX prompt.

To Improve NFS Client Performance

□ Issue the ps -ef command to make sure four biod processes are
running on each client. To start four biod processes, set the
NUM_NFSIOD variable to 4 in the /etc/rc.config.d/nfsconf file,
and issue the following command:

/usr/sbin/biod 4

NOTE If your performance bottleneck is a slow server, increasing the number of
biod processes beyond four will not improve NFS performance, and it
might make it worse.

□ For files and directories that are mounted read-only and never
change, set the actimeo mount option to 120 or greater in the
/etc/fstab file on your NFS clients. See "To Change the Default
Mount Options" on page 40.

□ If you see several "server not responding" messages within a few
minutes, try doubling the value of the timeo mount option in the
/etc/fstab file on your NFS clients. See "To Change the Default
Mount Options" on page 40.

□ If you frequently see the following message when attempting access
to a soft-mounted directory,

NFS operation failed for server servername: Timed out

try increasing the value of the retrans mount option in the
/etc/fstab file on the NFS clients. Or, change the soft mount to an
interruptible hard mount, by specifying the hard and intr options
(the defaults). See "To Change the Default Mount Options" on
page 40.

□ Type the following command on the NFS server, to find out the block
size of the server's file system:

/usr/sbin/tunefs -v devicefilename

On the NFS clients, set the wsize and rsize mount options to the
bsize value displayed by tunefs. See "To Change the Default Mount
Options" on page 40.

□ On the NFS clients, look in the /etc/fstab file for "stepping-stone"
mounts (hierarchical mounts), as in the following example:

thyme:/usr /usr nfs defaults 0 0
basil:/usr/share /usr/share nfs defaults 0 0
sage:/usr/share/lib /usr/share/lib nfs defaults 0 0

Wherever possible, change these "stepping-stone" mounts so that
whole directories are mounted from a single NFS server.

Stepping-stone (hierarchical) mounts, like the one in the example
above, cause more NFS requests than mounts from a single server. In
the example, if a client wants access to something in
/usr/share/lib, a request must be sent to server thyme, then to
server basil, and finally to server sage.
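
The stepping-stone check above, together with the advice in "If Data is Lost Between the Client and the Server" to use hard rather than soft mounts for directories that are written to, can be run against /etc/fstab with a short script. This is an added example, not part of the HP manual; the function names and the two oregano entries in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: two /etc/fstab checks drawn from this chapter.
# Both functions read fstab-format text on stdin.

# Prints each NFS mount point nested under an NFS mount from a different server.
stepping_stone_mounts() {
    awk '
        /^[ \t]*#/ || NF < 4 || $3 != "nfs" { next }
        {
            n++
            split($1, src, ":")          # source field is server:/remote/dir
            server[n] = src[1]; mp[n] = $2
        }
        END {
            for (i = 1; i <= n; i++)
                for (j = 1; j <= n; j++)
                    if (i != j && index(mp[j], mp[i] "/") == 1 && server[i] != server[j])
                        printf "%s (%s) under %s (%s)\n", mp[j], server[j], mp[i], server[i]
        }'
}

# Prints NFS mount points that are soft-mounted and writable (no ro option).
soft_writable_mounts() {
    awk '
        /^[ \t]*#/ || NF < 4 || $3 != "nfs" { next }
        {
            soft = 0; ro = 0
            k = split($4, opt, ",")
            for (i = 1; i <= k; i++) {
                if (opt[i] == "soft") soft = 1
                if (opt[i] == "ro") ro = 1
            }
            if (soft && !ro) print $2
        }'
}

# Sample: the three entries from the manual plus two constructed ones (oregano).
SAMPLE_FSTAB='thyme:/usr /usr nfs defaults 0 0
basil:/usr/share /usr/share nfs defaults 0 0
sage:/usr/share/lib /usr/share/lib nfs defaults 0 0
oregano:/proj /proj nfs rw,soft,retrans=8 0 0
oregano:/docs /docs nfs ro,soft 0 0'

printf '%s\n' "$SAMPLE_FSTAB" | stepping_stone_mounts
printf '%s\n' "$SAMPLE_FSTAB" | soft_writable_mounts
```

On a client, run the functions with stdin redirected from /etc/fstab. Nested mounts served by the same host are not reported, because only the cross-server case adds the extra requests described above.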

Logging and Tracing of NFS Services

This section tells you how to start the following tools: 

• NFS Logging 

• AutoFS Logging 

• AutoFS Tracing 

• Logging for the Other NFS Services 

• NIS Logging 

• Logging With nettl and netfmt

• Tracing With nettl and netfmt




Chapter 7

Troubleshooting NFS Services

NFS Logging 

You can configure logging for the following NFS daemons: 

• rpc.mountd 

• rpc.statd 

• rpc.lockd 

Each message logged by these daemons can be identified by the date,
time, host name, process ID, and name of the daemon that generated the
message. You can direct logging messages from all these NFS daemons to
the same file.

To Control the Size of Log Files 

Log files grow without bound, using up disk space. You might want to 
create a cron job to truncate your log files regularly. Following is an
example crontab entry that empties the log file at 1:00 AM every 
Monday, Wednesday, and Friday: 

0 1 * * 1,3,5 cat /dev/null > log_file 

For more information, type man 1M cron or man 1 crontab at the
HP-UX prompt. 



To Start and Stop rpc.mountd Logging

1. Issue the following commands to kill the rpc.mountd process and
restart it with logging turned on (PID is a process ID returned by the
ps command):

ps -ef | grep mountd
kill PID

/usr/sbin/rpc.mountd -l /var/adm/mountd.log

2. If you want rpc.mountd to log mount requests and mount failures as
well as errors, add the -t2 option to the rpc.mountd command, as in
the following example:

/usr/sbin/rpc.mountd -l /var/adm/mountd.log -t2

3. To stop logging, kill rpc.mountd and restart it without the -l logfile
and -t2 options.

If you do not specify the -l or -t option, rpc.mountd logs only errors to
/var/adm/mountd.log. If this file does not exist, rpc.mountd creates
it. rpc.mountd can share the same log file with the other NFS daemons.

For more information, type man 1M mountd at the HP-UX prompt.

To Start and Stop Detailed Logging of rpc.statd and
rpc.lockd

To start detailed logging of rpc.statd and rpc.lockd while they are
running, issue the following commands (PID is a process ID returned by
the ps command):

/usr/bin/ps -ef | /usr/bin/grep rpc.statd
/usr/bin/kill -SIGUSR2 PID
/usr/bin/ps -ef | /usr/bin/grep rpc.lockd
/usr/bin/kill -SIGUSR2 PID

The SIGUSR2 signal sets the logging to level 3 (the most detailed level).
The logging for rpc.statd is appended to the file
/var/adm/rpc.statd.log. The logging for rpc.lockd is appended to
the file /var/adm/rpc.lockd.log.

To stop detailed logging of rpc.statd and rpc.lockd, issue the same
commands listed above to send the SIGUSR2 signal to the processes. The
SIGUSR2 signal is a toggle that turns logging on or off, depending on its
current state.

For more information, type man 1M statd or man 1M lockd at the
HP-UX prompt.
To Start and Stop Basic Logging of rpc.statd and
rpc.lockd

To start basic logging of rpc.statd and rpc.lockd (just errors,
warnings, startup, and shutdown), issue the following commands (PID is
a process ID returned by the ps command):

ps -ef | grep lockd
kill PID

ps -ef | grep statd
kill PID

/usr/sbin/rpc.statd -l /var/adm/rpc.statd.log
/usr/sbin/rpc.lockd -l /var/adm/rpc.lockd.log

NOTE Always start rpc.statd before starting rpc.lockd.


To stop basic logging of rpc.statd and rpc.lockd, kill them and
restart them without the -l logfile option.

The rpc.statd and rpc.lockd daemons can share the same log file
with the other NFS daemons.

For more information, type man 1M lockd or man 1M statd at the
HP-UX prompt.
AutoFS Logging

The automount and automountd processes log messages through
/usr/sbin/syslogd. By default, syslogd writes messages to the file
/var/adm/syslog/syslog.log. Type man 1M syslogd for more
information on syslogd.

To Enable automount Logging

The automount process runs at startup to parse the automounter maps
and set up AutoFS mount points. It is not a daemon and does not run
continuously. To enable automount logging, specify the -v option to the
automount command, as follows:

/usr/sbin/automount -v

The -v option to automount causes it to log AutoFS mounts, unmounts,
and other non-essential information to the console and to syslog.

To Start automountd Logging

1. Log in as root to the NFS client.

2. Issue the following command to stop automountd:

/sbin/init.d/autofs stop

If any automounted directories are currently in use, the autofs
script will not stop automountd and will display a message.

3. If the autofs script failed to stop automountd because mounted
directories were busy, warn any users to cd out of the directory, and
kill any processes that are using the directory, or wait until the
processes terminate. You can issue the following command to kill all
the processes using the mounted directory:

/usr/sbin/fuser -ck local_mount_point

4. In the /etc/rc.config.d/nfsconf file, use a text editor to add the
-v option to the AUTOMOUNTD_OPTIONS variable, as follows:

AUTOMOUNTD_OPTIONS="-v"

The -v option causes automountd to log status messages to the
console and to syslog.

5. Issue the following command to start automountd with logging
enabled:

/sbin/init.d/autofs start
To Stop automountd Logging

1. Log in as root to the NFS client.

2. Issue the following command to stop automountd:

/sbin/init.d/autofs stop

If any automounted directories are currently in use, the autofs
script will not stop automountd and will display a message.

3. If the autofs script failed to stop automountd because mounted
directories were busy, warn any users to cd out of the directory, and
kill any processes that are using the directory, or wait until the
processes terminate. You can issue the following command to kill all
the processes using the mounted directory:

/usr/sbin/fuser -ck local_mount_point

4. In the /etc/rc.config.d/nfsconf file, use a text editor to remove
the -v option from the AUTOMOUNTD_OPTIONS variable, as follows:

AUTOMOUNTD_OPTIONS=""

5. Issue the following command to restart automountd with logging
disabled:

/sbin/init.d/autofs start
AutoFS Tracing

Two levels of AutoFS tracing are available:

Detailed (level 3)   Includes traces of all automounter requests and
                     replies, mount attempts, timeouts, and unmount
                     attempts. You can start level 3 tracing while
                     automountd is running.

Basic (level 1)      Includes traces of all automounter requests and
                     replies. You must restart automountd to start level 1
                     tracing.

To Start and Stop automountd Detailed Tracing

1. Log in as root to the NFS client.

2. Issue the following commands (PID is the process ID returned by the
ps command):

ps -ef | grep automountd
kill -SIGUSR2 PID

Level 3 tracing is sent to the console.

To stop level 3 tracing, issue the same commands listed above to send the
SIGUSR2 signal to automountd. The SIGUSR2 signal is a toggle that
turns tracing on or off depending on its current state.

If you have basic (level 1) tracing turned on when you send the SIGUSR2
signal to automountd, the SIGUSR2 signal turns tracing off.

To Start automountd Basic Tracing

1. Log in as root to the NFS client.

2. Issue the following command to stop automountd:

/sbin/init.d/autofs stop

If any automounted directories are currently in use, the autofs
script will not stop automountd and will display a message.

3. If the autofs script failed to stop automountd because mounted
directories were busy, warn any users to cd out of the directory, and
kill any processes that are using the directory, or wait until the
processes terminate. You can issue the following command to kill all
the processes using the mounted directory:

/usr/sbin/fuser -ck local_mount_point

4. In the /etc/rc.config.d/nfsconf file, use a text editor to add the
-T option to the AUTOMOUNTD_OPTIONS variable, as follows:

AUTOMOUNTD_OPTIONS="-T"

The -T option causes automountd to display each RPC call on
standard output and log it to syslog.

5. Issue the following command to start automountd with tracing
enabled:

/sbin/init.d/autofs start

To Stop automountd Basic Tracing

1. Log in as root to the NFS client.

2. Issue the following command to stop automountd:

/sbin/init.d/autofs stop

If any automounted directories are currently in use, the autofs
script will not stop automountd and will display a message.

3. If the autofs script failed to stop automountd because mounted
directories were busy, warn any users to cd out of the directory, and
kill any processes that are using the directory, or wait until the
processes terminate. You can issue the following command to kill all
the processes using the mounted directory:

/usr/sbin/fuser -ck local_mount_point

4. In the /etc/rc.config.d/nfsconf file, use a text editor to remove
the -T option from the AUTOMOUNTD_OPTIONS variable, as follows:

AUTOMOUNTD_OPTIONS=""

5. Issue the following command to restart automountd with tracing
disabled:

/sbin/init.d/autofs start
Logging for the Other NFS Services

You can configure logging for the following NFS services: 

• rpc.rexd 

• rpc.rstatd 

• rpc.rusersd 

• rpc.rwalld 

• rpc.sprayd 

Logging is not available for the rpc.quotad daemon. 

Each message logged by these daemons can be identified by the date,
time, host name, process ID, and name of the function that generated the
message. You can direct logging messages from all these NFS services to
the same file.

To Control the Size of Log Files

Log files grow without bound, using up disk space. You might want to
create a cron job to truncate your log files regularly. Following is an
example crontab entry that empties the log file at 1:00 AM every
Monday, Wednesday, and Friday:

0 1 * * 1,3,5 cat /dev/null > log_file

For more information, type man 1M cron or man 1 crontab at the
HP-UX prompt.

To Configure Logging for the Other NFS Services

1. Add the -l logfile option to the lines in /etc/inetd.conf for the
services you want to log. In the following example, logging is turned
on for rpc.rexd and rpc.rstatd:

rpc stream tcp nowait root /usr/sbin/rpc.rexd 100017 1 \
rpc.rexd -l /var/adm/rpc.log

rpc dgram udp wait root /usr/lib/netsvc/rstat/rpc.rstatd \
100001 1-3 rpc.rstatd -l /var/adm/rpc.log

2. Issue the following command to restart inetd:

/usr/sbin/inetd -c

If you do not specify a log file for the other NFS services (with the -l
option), they do not log any messages. The NFS services can all share the
same log file.

Type man 1M rexd for descriptions of the messages logged by the
rpc.rexd daemon.

For more information, see the following man pages: rexd(1M),
rstatd(1M), rusersd(1M), rwalld(1M), and sprayd(1M).
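
Because these services log nothing unless -l is present, it is worth checking which inetd.conf entries actually carry the option. The following shell function is an added example, not part of the original manual; the function names and the sample rusersd, rwalld and telnet lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which inetd-launched RPC services have a log file.
# audit_inetd_rpc_logging FILE
#   Prints "<daemon> LOGGED <logfile>" or "<daemon> NOLOG" for every active
#   entry that starts one of the five services listed in this section.
#   Exit status is 1 when at least one entry has no -l logfile option.
audit_inetd_rpc_logging() {
    awk '
    BEGIN {
        n = split("rpc.rexd rpc.rstatd rpc.rusersd rpc.rwalld rpc.sprayd", d, " ")
        for (i = 1; i <= n; i++) want[d[i]] = 1
    }
    {
        line = pending $0
        # A trailing backslash continues the entry on the next line.
        if (line ~ /\\[ \t]*$/) {
            sub(/\\[ \t]*$/, " ", line)
            pending = line
            next
        }
        pending = ""
        if (line ~ /^[ \t]*(#|$)/) next        # comment or blank line
        nf = split(line, f)
        if (nf < 6 || f[1] != "rpc") next      # not an RPC service entry
        m = split(f[6], p, "/")                # field 6 is the server path
        daemon = p[m]
        if (!(daemon in want)) next
        logfile = ""
        # -l must be followed by a file name, so stop one field early.
        for (i = 7; i < nf; i++)
            if (f[i] == "-l") { logfile = f[i + 1]; break }
        if (logfile != "") {
            print daemon, "LOGGED", logfile
        } else {
            print daemon, "NOLOG"
            missing = 1
        }
    }
    END { exit (missing ? 1 : 0) }
    ' "$1"
}

# Constructed sample input, modelled on the two entries shown above.
write_sample_inetd_conf() {
    cat > "$1" <<'EOF'
# constructed sample for the audit function
telnet stream tcp nowait root /usr/lbin/telnetd telnetd
rpc stream tcp nowait root /usr/sbin/rpc.rexd 100017 1 \
    rpc.rexd -l /var/adm/rpc.log
rpc dgram udp wait root /usr/lib/netsvc/rstat/rpc.rstatd \
    100001 1-3 rpc.rstatd -l /var/adm/rpc.log
rpc dgram udp wait root /usr/lib/netsvc/rusers/rpc.rusersd 100002 1-2 rpc.rusersd
#rpc dgram udp wait root /usr/lib/netsvc/rwall/rpc.rwalld 100008 1 rpc.rwalld
EOF
}

# Audit the file named on the command line, for example /etc/inetd.conf.
if [ $# -gt 0 ]; then
    audit_inetd_rpc_logging "$1"
fi
```

Commented-out entries are skipped, so a disabled service is not reported as unlogged.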
NIS Logging

You can configure logging for the following NIS processes: 

• ypxfr 

• ypserv 

• ypbind 

• yppasswdd 

Each message logged by these daemons can be identified by the date,
time, host name, process ID, and name of the function that generated the
message. You can direct logging messages from all these NIS daemons to
the same file.

To Control the Size of Log Files

Log files grow without bound, using up disk space. You might want to
create a cron job to truncate your log files regularly. Following is an
example crontab entry that empties the log file at 1:00 AM every
Monday, Wednesday, and Friday:

0 1 * * 1,3,5 cat /dev/null > log_file

For more information, type man 1M cron or man 1 crontab at the
HP-UX prompt.
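
The crontab entry shown in each "To Control the Size of Log Files" section discards the log contents outright. As an added example (not part of the original manual), the function below copies the log to a time-stamped archive before emptying it in place, so earlier entries stay available for review; the function name, archive directory, wrapper script path and retention count are assumptions.

```shell
#!/bin/sh
# Added example: keep a copy of a daemon log before emptying it in place.
# archive_and_empty LOG ARCHIVE_DIR [KEEP]
#   LOG          log file written by a running daemon
#   ARCHIVE_DIR  directory for the copies (hypothetical, choose your own)
#   KEEP         number of archived generations to retain (default 12)
archive_and_empty() (
    log=$1
    dir=$2
    keep=${3:-12}

    if [ ! -f "$log" ]; then
        echo "archive_and_empty: no such log file: $log" >&2
        exit 1
    fi
    # An empty log has nothing worth archiving.
    [ -s "$log" ] || exit 0

    umask 077                       # copies are readable by the owner only
    mkdir -p "$dir" || exit 1

    base=$(basename "$log")
    dest=$dir/$base.$(date +%Y%m%d%H%M%S)
    # Refuse to overwrite an archive taken within the same second.
    if [ -e "$dest" ]; then
        echo "archive_and_empty: $dest already exists" >&2
        exit 1
    fi

    # Copy first; empty the log only if the copy succeeded.
    cp "$log" "$dest" || exit 1

    # Same effect as "cat /dev/null > log_file": the file is emptied, not
    # replaced, so a daemon that holds it open keeps logging to it.
    # Lines written between the cp and this truncation are lost.
    : > "$log" || exit 1

    # Fixed-width timestamps sort chronologically, so the positional
    # parameters are ordered oldest first; drop the oldest beyond KEEP.
    set -- "$dir/$base".[0-9]*
    while [ $# -gt "$keep" ]; do
        rm -f "$1"
        shift
    done
    exit 0
)

# Hypothetical crontab entry calling a wrapper script around this function:
# 0 1 * * 1,3,5 /usr/local/sbin/archive_nfs_logs
```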

To Stop and Start Logging of ypxfr

If ypxfr is run interactively from the command line, it logs messages to
standard output. If ypxfr is run by cron or by yppush, it logs messages
to the file /var/yp/ypxfr.log, if the file exists. To start logging of
ypxfr, issue the following command to make sure the
/var/yp/ypxfr.log file exists:

/usr/bin/touch /var/yp/ypxfr.log

To stop logging of ypxfr, remove the ypxfr.log file:

/usr/bin/rm /var/yp/ypxfr.log

You cannot redirect the logging output of ypxfr.

For more information, see the following man pages: ypxfr(1M),
cron(1M), and yppush(1M).
To Start and Stop Logging of ypserv

By default, the ypserv daemon logs messages to the file
/var/yp/ypserv.log, if it exists. To start logging of ypserv, issue the
following command to make sure the /var/yp/ypserv.log file exists:

/usr/bin/touch /var/yp/ypserv.log

To stop logging of ypserv, remove the ypserv.log file:

/usr/bin/rm /var/yp/ypserv.log

If you want to direct ypserv logging to a different file, follow these steps:

1. Add the -l logfile option to the YPSERV_OPTIONS variable in
/etc/rc.config.d/namesvrs, as in the following example:

YPSERV_OPTIONS="-l /var/yp/nis_log"

2. Issue the following commands to restart ypserv (PID is the process
ID returned by the ps command):

ps -ef | grep ypserv
kill PID

/usr/lib/netsvc/yp/ypserv options

options is the list of options configured in the YPSERV_OPTIONS
variable in the /etc/rc.config.d/namesvrs file. You can also
source the /etc/rc.config.d/namesvrs file, and then enter the
ypserv command as follows:

/usr/lib/netsvc/yp/ypserv $YPSERV_OPTIONS

If you specify a log file with the -l option, ypserv can share the same
log file with the other NIS daemons.

For more information, type man 1M ypserv at the HP-UX prompt.

To Configure ypbind Logging

1. Add the -l logfile option to the YPBIND_OPTIONS variable in
/etc/rc.config.d/namesvrs, as in the following example:

YPBIND_OPTIONS="-l /var/yp/nis_log"

2. Issue the following commands to restart ypbind (PID is the process
ID returned by the ps command):

ps -ef | grep ypbind
kill PID

/usr/lib/netsvc/yp/ypbind options

options is the list of options configured in the YPBIND_OPTIONS
variable in the /etc/rc.config.d/namesvrs file. You can also
source the /etc/rc.config.d/namesvrs file, and then enter the
ypbind command as follows:

/usr/lib/netsvc/yp/ypbind $YPBIND_OPTIONS

If you do not specify a log file for ypbind (with the -l option), it logs
messages to the system console, /dev/console. The ypbind daemon
can share the same log file with the other NIS daemons.

For more information, type man 1M ypbind at the HP-UX prompt.

To Configure yppasswdd Logging

1. Add the -l logfile option to the YPPASSWDD_OPTIONS variable in
/etc/rc.config.d/namesvrs, as in the following example:

YPPASSWDD_OPTIONS="-l /var/yp/nis_log"

2. Issue the following commands to restart yppasswdd (PID is the
process ID returned by the ps command):

ps -ef | grep yppasswdd
kill PID

/usr/lib/netsvc/yp/rpc.yppasswdd options

options is the list of options configured in the YPPASSWDD_OPTIONS
variable in the /etc/rc.config.d/namesvrs file. You can also
source the /etc/rc.config.d/namesvrs file, and then enter the
yppasswdd command as follows:

/usr/lib/netsvc/yp/rpc.yppasswdd $YPPASSWDD_OPTIONS

For more information, type man 1M yppasswdd at the HP-UX prompt.
Logging With nettl and netfmt

1. Issue the following command to make sure nettl is running:

/usr/bin/ps -ef | grep nettl

If nettl is not running, issue the following command to start it:

/usr/sbin/nettl -start

2. Issue the following command to start logging:

/usr/sbin/nettl -l i w e d -e all

The logging classes are specified following the -l option. They are i
(informational), w (warning), e (error), and d (disaster). Disaster
logging is always on. You cannot turn it off. Information logging (i)
fills up your log file faster than the other classes, so you might want to
leave it off.

3. Recreate the event you want to log.

4. Issue the following command to turn logging off:

/usr/sbin/nettl -l d -e all

This command changes the logging class back to disaster only for all
subsystems.

5. Issue the following command to format the binary log file:

/usr/sbin/netfmt -lN -f /var/adm/nettl.LOG00 > formatted_file

where formatted_file is the name of the file where you want the
formatted output from netfmt. The default log file,
/var/adm/nettl.LOGnn, is specified in the nettl configuration file,
/etc/nettlgen.conf. If the file /var/adm/nettl.LOG00 does not
exist on your system, the default log file may have been changed in
/etc/nettlgen.conf.

For more information, type man 1M nettl or man 1M netfmt.
Tracing With nettl and netfmt

1. Issue the following command to make sure nettl is running:

/usr/bin/ps -ef | grep nettl

If nettl is not running, issue the following command to start it:

/usr/sbin/nettl -start

2. Issue the following command to start tracing:

/usr/sbin/nettl -tn pduin pduout loopback -e all -s 1024 \
-f tracefile

3. Recreate the event you want to trace.

4. Issue the following command to turn tracing off:

/usr/sbin/nettl -tf -e all

5. Create the following filter file for netfmt:

filter ip_saddr remote_host_IP_address
filter ip_daddr remote_host_IP_address
filter rpcprogram nfs
filter rpcprogram nlockmgr
filter rpcprogram llockmgr
filter rpcprogram status
filter rpcprogram mount
filter rpcprogram portmap

remote_host_IP_address is the IP address of the host with which your
host was communicating when the event you want to trace occurred.

6. Issue the following command to format the binary trace file:

/usr/sbin/netfmt -c filter_file -lN -f tracefile.TRC0 > formatted_file

where tracefile is the name of the file you specified when you started
tracing, and formatted_file is the name of the file where you want the
formatted output from netfmt.

For more information, type man 1M nettl or man 1M netfmt.
Normal System Startup

This section explains the system startup sequence and how the NFS and
NIS daemons are started up in a normal system boot.

1. The /sbin/rc script sources all the files in the /etc/rc.config.d
directory. The files in /etc/rc.config.d contain environment
variables that control the startup and behavior of various processes.

2. The /sbin/rc script runs the scripts in the directories
/sbin/rc0.d, /sbin/rc1.d, /sbin/rc2.d, /sbin/rc3.d, and
/sbin/rc4.d, in that order.

The scripts in the /sbin/rcn.d directories are named
SNNNscriptname, where NNN is a sequence number, and scriptname
is the name of a startup script in the /sbin/init.d directory. Each
of these scripts is actually a link to a startup script in
/sbin/init.d. The /sbin/rc script runs them in order by
sequence number. Following is a partial listing of the /sbin/rc2.d
directory:

lrwxr-xr-x 1 root ... S400nfs.core -> /sbin/init.d/nfs.core
lrwxr-xr-x 1 root ... S410nis.server -> /sbin/init.d/nis.server
lrwxr-xr-x 1 root ... S420nis.client -> /sbin/init.d/nis.client
lrwxr-xr-x 1 root ... S430nfs.client -> /sbin/init.d/nfs.client

All the startup scripts for the NFS services are started at run level 2
except the nfs.server script, which is started at run level 3. The
following table shows the NFS startup scripts, in the order they are run
at system startup. It lists the processes that each script starts and the
files and environment variables in /etc/rc.config.d that influence their
behavior.

All of the startup scripts start portmap if it is not already started,
but only one portmap process should be running at once.
Startup Scripts for the NFS Services 
Startup script   Processes started  Related file in   Environment variables
in /sbin/init.d                     /etc/rc.config.d  used

nfs.core         portmap(1M)        none              none

nis.server       portmap(1M)        namesvrs          NIS_MASTER_SERVER
                 domainname(1)                        NIS_SLAVE_SERVER
                 ypserv(1M)                           NIS_DOMAIN
                 ypxfrd(1M)                           YPSERV_OPTIONS
                 yppasswdd(1M)                        YPPASSWDD_OPTIONS
                 ypupdated(1M)                        KEYSERV_OPTIONS
                 keyserv(1M)                          YPUPDATED_OPTIONS
                                                      YPXFRD_OPTIONS

nis.client       portmap(1M)        namesvrs          NIS_CLIENT
                 domainname(1)                        NIS_DOMAIN
                 ypbind(1M)                           WAIT_FOR_NIS_SERVER
                 keyserv(1M)                          MAX_NISCHECKS
                                                      YPBIND_OPTIONS
                                                      KEYSERV_OPTIONS
                                                      YPSET_ADDR

nfs.client       portmap(1M)        nfsconf           NFS_CLIENT
                 biod(1M)                             NUM_NFSIOD
                 statd(1M)                            STATD_OPTIONS
                 lockd(1M)                            LOCKD_OPTIONS
                 automount(1M)                        AUTOMOUNT
                 automountd(1M)                       AUTO_MASTER
                 mount(1M)                            AUTOMOUNT_OPTIONS
                 swapon(1M)                           AUTOMOUNTD_OPTIONS

nfs.server       portmap(1M)        nfsconf           NFS_SERVER
                 exportfs(1M)                         NUM_NFSD
                 mountd(1M)                           STATD_OPTIONS
                 nfsd(1M)                             LOCKD_OPTIONS
                 statd(1M)                            START_MOUNTD
                 lockd(1M)                            MOUNTD_OPTIONS
                 pcnfsd(1M)                           PCNFS_SERVER
                 swapon(1M)